Hi, I’m Duo the owl!

This is my first public disclosure of bugs I’ve discovered in the wild. I’ll just preface this entire article by stating that these are not security vulnerabilities, simply logic errors.

The main aim of this article is less on sharing how these logic errors can be exploited and more on emphasizing the curious discovery that: sometimes applications leverage two separate APIs, for whatever reason and, in doing so, this allows for the introduction of interesting bugs (i.e. this presents a larger attack surface due to the need for securing two independent services instead of just one).

This report is about…

Jon Roethke

information security, blockchain, travel, surf https://waymobetta.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store