$800 Improper Authorization Flaw: Unauthorized Project Reclaiming Post Transfer


Abhi Sharma

InfoSec Write-ups

Hi Everyone, I’m excited to share my latest discovery of a vulnerability in ExamenTry (a pseudonym for confidentiality), which allows an attacker to reclaim a project even after it has been transferred to another user. This discovery earned me a bounty of $800.

Understanding the Target: ExamenTry

ExamenTry is a robust platform that provides error tracking and monitoring services, enabling developers to identify and resolve issues in their applications efficiently. It offers various features to manage and transfer projects between users, ensuring seamless collaboration. However, a critical flaw in the project transfer process was identified that compromises the permanence of these transfers.

The Flaw: Exploiting Project Transfer Vulnerability

ExamenTry promises that project transfers are permanent and cannot be undone. However, a vulnerability in this process allows an attacker to reclaim control of a project even after it has been transferred to another user. By capturing and reusing specific API requests, an attacker can bypass the intended permanence of the project transfer, leading to unauthorized access and control.
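The write-up does not detail which request was replayed, so the following is a constructed model of a transfer flow, added here for illustration and not ExamenTry's code. It assumes a two-step transfer (start, then confirm with a token and a destination account) and shows the vulnerable handler, which never retires the token, beside a hardened one that retires it on first use and re-checks current ownership:

```python
# Constructed model of a project-transfer flow; NOT ExamenTry's code.
# Assumption: a transfer is confirmed by a second request carrying a
# transfer token and a destination account. The vulnerable handler trusts
# the token alone and never retires it, so a captured confirmation can be
# replayed after the transfer completes. The hardened one does not.
import secrets


class TransferService:
    def __init__(self, hardened):
        self.hardened = hardened
        self.owners = {}   # project_id -> current owner
        self.pending = {}  # token -> (project_id, from_user, to_user)

    def start_transfer(self, project_id, requester, to_user):
        if self.owners.get(project_id) != requester:
            raise PermissionError("not the current owner")
        token = secrets.token_urlsafe(16)
        self.pending[token] = (project_id, requester, to_user)
        return token

    def confirm_transfer(self, token, destination):
        entry = self.pending.get(token)
        if entry is None:
            raise PermissionError("unknown transfer")
        project_id, from_user, to_user = entry
        if self.hardened:
            # Single use: retire the token before acting on it.
            del self.pending[token]
            # Destination must be the invited recipient, and the initiator
            # must still own the project at confirmation time.
            if destination != to_user or self.owners[project_id] != from_user:
                raise PermissionError("transfer no longer valid")
        # Vulnerable variant: the token stays in `pending` and `destination`
        # is trusted as given, so a replay can move the project back.
        self.owners[project_id] = destination
        return destination


def replay_reclaims_project(hardened):
    """True if a replayed confirmation hands the project back to alice."""
    svc = TransferService(hardened)
    svc.owners["proj-1"] = "alice"          # constructed sample state
    token = svc.start_transfer("proj-1", "alice", "bob")
    svc.confirm_transfer(token, "bob")      # legitimate transfer
    try:
        svc.confirm_transfer(token, "alice")  # replayed request
    except PermissionError:
        return False
    return svc.owners["proj-1"] == "alice"
```

The detection angle is the same in both variants: a confirmation request for a transfer token that has already been consumed, or whose initiator no longer owns the project, should be logged and rejected rather than honoured.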

Understanding the Bug Type: Improper Authorization
