Deep dive into two logic vulnerabilities discovered and reported through Swisscom's Bug Bounty Program. These affected MyCloud Safe, Swisscom's end-to-end encrypted cloud storage solution. This post concludes with some thoughts about finding more complex vulnerabilities.
Story and details about a session-related vulnerability found in EPFL's COM-301 homework submission and grading website, which eventually allowed any student to take over another student's account.