I and my friend @0xbartita responsibly disclosed a critical vulnerability in Laravel Reverb (CVSS 9.8/10), now patched and disclosed by the Laravel team.
CVE-2026-23524: https://t.co/OVlCpY1yTD
#bugbountytips#bugbountytip#CVE#Laravel#PHP#Reverb
Deep Link Hijacking to Full Account Takeover: A Complete Guide
In this blog, I dive into how I exploited deep link vulnerabilities in Android applications to achieve full account takeover.
Check it out here: https://t.co/ipqGIE8KxO
During a bug bounty engagement for a program with four distinct Android applications, I discovered that one of the applications exposes a deep link handler associated with the login functionality, utilizing the scheme `scheme://login?token=...`.
Read the Comments โฌ๏ธ
4. Impact: Full Account Compromise. Tips: If the target offers multiple Android applications and a vulnerability is identified in one, it is advisable to investigate whether the same or similar vulnerability exists across the other applications.
@omidxrz use Nox if you have no WSL installed on your machine,
for better experience, use the emulator of the android studio.
one more thing, use the google pixel devices