HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hackermondev

no profile record

Submissions

We pwned X, Vercel, Cursor, and Discord through a supply-chain attack

gist.github.com
1,167 points·by hackermondev·7 miesięcy temu·433 comments

comments

hackermondev
·5 miesięcy temu·discuss
the fact they're not even trying to hide this is beyond crazy

> openai-watchlistdb.withpersona.com

> openai-watchlistdb-testing.withpersona.com
hackermondev
·7 miesięcy temu·discuss
Discord puts the authentication token in local storage
hackermondev
·7 miesięcy temu·discuss
the impact varied by customer. in Discord's case, the auth token is stored in local storage and their docs is hosted on the primary domain; they were susceptible to a full account takeover. X's docs are on a different subdomain but we found a CSRF attack that could facilitate a full account takeover. most companies were significantly affected in one way or another.
hackermondev
·7 miesięcy temu·discuss
imo, the impact is pretty clear here. an unsuspecting user clicks (or is redirected) to one of these malicious links on the platform (ex. vercel); the script grabs their cookie and credentials and sends it to the attacker. they now have full access to the victim's account.