#73

They Hacked Google A.I. for $50,000

Joseph "rez0" Thacker, Justin "Rhynorater" Gardner and I, Roni "Lupin" Carta, collaborated on hacking Google Bard, which resulted in $50,000 of bounties. They have interesting bugs as well, like an IDOR that allowed you to describe someone’s...

Using form hijacking to bypass CSP

Password managers are great. It’s the first thing I recommend to my non-tech friends. Apart from being more secure than reusing passwords, it’s also very convenient to have your password filled in by the browser extension. However, the auto-fill mechanism also comes...