WRITEUP #1008

SSO Gadgets II: Unauthenticated Client-Side Template Injection to Account Takeover using SSO Gadget Chain

Auth Bypass, CSTI, Account takeover, SSO, OIDC
by @_lauritz_ (Lauritz Holtmann)
Program: -
Published: Jun 30, 2023
Added to HackDex: Jul 3, 2023
Read Full Writeup: https://security.lauritz-holtmann.de/post/csti-xss-sso-gadget-chain/
RELATED WRITEUPS
Forced SSO Session Fixation
Auth Bypass, SSO
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass, 2FA / MFA bypass
Account takeover on 8 years old public program
Auth Bypass, Account takeover
$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover
Auth Bypass, Account takeover

Built with ❤️ by Shubham Rawat