
Lab 03: Cross-site WebSocket hijacking
1. Executive Summary Vulnerability: Cross-Site WebSocket Hijacking (CSWSH). Description: The application’s WebSocket handshake relies solely on HTTP cookies for session handling and lacks CSRF pr...

1. Executive Summary Vulnerability: XSS Filter Bypass & IP Ban Circumvention (via Handshake Manipulation). Description: The application employs a Web Application Firewall (WAF) or server-side...

1. Executive Summary Vulnerability: Client-Side Bypassed Cross-Site Scripting (XSS) via WebSockets. Description: The application implements a live chat feature using the WebSocket protocol. While ...

1. Executive Summary Vulnerability: Broken Access Control (Insecure Header Validation). Description: The application attempts to verify authorization by checking the HTTP Referer header. It assum...

1. Executive Summary Vulnerability: Broken Access Control in Multi-Step Logic. Description: The application splits a sensitive action (promoting a user) into a multi-step workflow: Selection ->...

1. Executive Summary Vulnerability: Insecure Direct Object Reference (IDOR) with Static File Enumeration. Description: The application saves sensitive user data (chat transcripts) to the server’s...

1. Executive Summary Vulnerability: Insecure Direct Object Reference (IDOR) leading to Sensitive Data Exposure. Description: The application uses an insecure ID parameter to retrieve user profile...

1. Executive Summary Vulnerability: IDOR with Data Leakage in Redirect. Description: The application detects an authorization failure (e.g., User A trying to access User B’s data) and issues a 30...

1. Executive Summary Vulnerability: Insecure Direct Object Reference (IDOR) with GUIDs. Description: The application uses long, complex GUIDs (e.g., 59b3...) to identify users instead of sequentia...

1. Executive Summary Vulnerability: Insecure Direct Object Reference (IDOR). Description: The application exposes a direct reference to an internal database object (the User ID) in the URL. When ...