HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hackermondev

no profile record

Submissions

We pwned X, Vercel, Cursor, and Discord through a supply-chain attack

gist.github.com
1,167 points·by hackermondev·7 mesi fa·433 comments

comments

hackermondev
·5 mesi fa·discuss
the fact they're not even trying to hide this is beyond crazy

> openai-watchlistdb.withpersona.com

> openai-watchlistdb-testing.withpersona.com
hackermondev
·7 mesi fa·discuss
Discord puts the authentication token in local storage
hackermondev
·7 mesi fa·discuss
the impact varied by customer. in Discord's case, the auth token is stored in local storage and their docs is hosted on the primary domain; they were susceptible to a full account takeover. X's docs are on a different subdomain but we found a CSRF attack that could facilitate a full account takeover. most companies were significantly affected in one way or another.
hackermondev
·7 mesi fa·discuss
imo, the impact is pretty clear here. an unsuspecting user clicks (or is redirected) to one of these malicious links on the platform (ex. vercel); the script grabs their cookie and credentials and sends it to the attacker. they now have full access to the victim's account.