achievement_unlocked
@carlos.mendoza-dossier has solved
0-click-ATO — Account Takeover via OTP Brute Force + Email Case-Sensitivity Bypass
BBLABS.ES Lab Solved
Insane $600
API Abuse
Mar 2026
solved_by @carlos.mendoza-dossier, member since Mar 2026
bblabs.es // real bug bounty practice
difficulty: Insane
position: #1
completed: 12
about_the_hacker
@carlos.mendoza-dossier's track record
labs solved: 18
flags captured: 12
// latest labs solved
Insane $1,500
Wizard Takeover ATO ( IDOR + CSRF )
Mar 2026
Insane $600
0-click-ATO — Account Takeover via OTP Brute Force + Email Case-Sensitivity Bypass
Mar 2026
Medium $200
HTTP Method Override & Admin Bot Exploitation
Mar 2026
Medium $140
Open Redirect with Referer Check + Domain Bypass (@)
Mar 2026
Hard $50
IDOR + CORS Chain Attack
Mar 2026
Easy VDP
Reflected XSS on 404 Error Page
Apr 2026