WRITEUP #1012

Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API

Tags: XSS, Stored XSS, CSP bypass, Account takeover, GraphQL
by @pmnh_ (Peter M)
Program: -
Published: Jun 29, 2023
Added to HackDex: Jul 3, 2023
Read Full Writeup: https://www.pmnh.site/post/witeup_lhe_graphql_stored_xss/
RELATED WRITEUPS
Type confusion attacks in ProseMirror editors
Tags: XSS, Type confusion
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
Tags: XSS, CSP bypass
Stored XSS in LibreOffice
Tags: XSS, Stored XSS
Persistent XSS on Microsoft Bing.com by poisoning Bingbot indexing
Tags: XSS, Stored XSS
