How One Test Led Me to a Critical P1 Account Takeover (ATO) Bug on Bugcrowd
2026-1-15 08:31:56 Author: infosecwriteups.com (view original)

Rajankumarbarik



Introduction

Hello Hackers, ANONDGR is back again with a new and interesting write-up. In this blog, I will let you in on one of my recent findings. On Bugcrowd, I discovered a critical P1 vulnerability: an Account Takeover (ATO). But there is a twist to it, so stick with me to the end. Let’s start.

After seeing the screenshot, you might be thinking: if it is a P1, how can it be marked informational? That is the twist. I will explain it later, but for now let’s focus on the vulnerability itself.

Initial Observation/Understanding The Application

I was hunting on a private program that didn’t have much scope: just 5–6 subdomains, and that’s it. Without spending much time choosing a target, I picked a random one, which turned out to be just a login page.

But the login function was not usual like others we see on the internet; it was a bit unique.


Source: https://infosecwriteups.com/how-one-test-led-me-to-a-critical-p1-account-takeover-ato-bug-on-bugcrowd-831370edc8e9?source=rss----7b722bfd1b8d--bug_bounty