HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hackermondev

no profile record

Submissions

We pwned X, Vercel, Cursor, and Discord through a supply-chain attack

gist.github.com
1,167 points·by hackermondev·7 bulan yang lalu·433 comments

comments

hackermondev
·5 bulan yang lalu·discuss
the fact they're not even trying to hide this is beyond crazy

> openai-watchlistdb.withpersona.com

> openai-watchlistdb-testing.withpersona.com
hackermondev
·7 bulan yang lalu·discuss
Discord puts the authentication token in local storage
hackermondev
·7 bulan yang lalu·discuss
the impact varied by customer. in Discord's case, the auth token is stored in local storage and their docs is hosted on the primary domain; they were susceptible to a full account takeover. X's docs are on a different subdomain but we found a CSRF attack that could facilitate a full account takeover. most companies were significantly affected in one way or another.
hackermondev
·7 bulan yang lalu·discuss
imo, the impact is pretty clear here. an unsuspecting user clicks (or is redirected) to one of these malicious links on the platform (ex. vercel); the script grabs their cookie and credentials and sends it to the attacker. they now have full access to the victim's account.