A few weeks ago, I found an interesting account takeover bug in a webserver. This is the type of issue where it’s not too difficult to spot that something is wrong, but it’s surprisingly complicated to create a working exploit, requiring several different attacks to be chained together. In the process, I also ended up learning a lot about modern cryptography algorithms.
