PayPal: Disclosure of account balance and recent transactions
Introduction: This post details an issue which allows for enumeration of the last four digits of the payment method (such as a credit or debit card) and for the disclosure of account balance and recent transactions of any given PayPal account. This attack was submitted to PayPal’s bug bounty program where it was classified as […]

Fuzzing for obfuscated phone numbers
Introduction: In the current age of information, any technology you own could potentially be used as an avenue for attack, including your mobile phone. In writing and publishing this piece, I am hoping to highlight the risk of linking a single invariable phone number across all of your online accounts, and how doing so could […]

Twitter: Bypassing the account lockout mechanism
This post details a vulnerability that allowed for a complete bypass of Twitter’s account lockout mechanism, which is responsible for locking an account when suspicious login activity has been detected. If your account was locked due to suspicious login attempts, you would be presented with a verification page upon signing in where you would have […]