Back to directory
WRITEUP #1095

Abusing Client-Side Desync on Werkzeug

Auth BypassClient-Side Desync attackHTTP request smugglingAccount takeoverOpen redirectXSS
by@kevin_mizu(Mizu)
Program
Werzeug
Published
Jun 7, 2023
Added to HackDex
Jun 12, 2023
Read Full Writeuphttps://mizu.re/post/abusing-client-side-desync-on-werkzeug
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass
Forced SSO Session Fixation
Auth BypassSSO
Account takeover on 8 years old public program
Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat