HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hackermondev

no profile record

Submissions

We pwned X, Vercel, Cursor, and Discord through a supply-chain attack

gist.github.com
1,167 points·by hackermondev·vor 7 Monaten·433 comments

comments

hackermondev
·vor 5 Monaten·discuss
the fact they're not even trying to hide this is beyond crazy

> openai-watchlistdb.withpersona.com

> openai-watchlistdb-testing.withpersona.com
hackermondev
·vor 7 Monaten·discuss
Discord puts the authentication token in local storage
hackermondev
·vor 7 Monaten·discuss
the impact varied by customer. in Discord's case, the auth token is stored in local storage and their docs is hosted on the primary domain; they were susceptible to a full account takeover. X's docs are on a different subdomain but we found a CSRF attack that could facilitate a full account takeover. most companies were significantly affected in one way or another.
hackermondev
·vor 7 Monaten·discuss
imo, the impact is pretty clear here. an unsuspecting user clicks (or is redirected) to one of these malicious links on the platform (ex. vercel); the script grabs their cookie and credentials and sends it to the attacker. they now have full access to the victim's account.