Sometimes, you find a way to abuse a system and you don't get a bounty payout. Such is life! This is what happened here, but... It is a bit different to the usual tale from the world of infosec, because I didn't technically exploit anything, yet still managed to perform account takeovers on well known backup provider Backblaze, including 'accidentally' taking over a legitimate customer account (which contained live, real world data). I merely abused a somewhat poorly constructed instruction i...
No comments yet. Log in to reply on the Fediverse. Comments will appear here.