WRITEUP #1099

How I was able to get account takeover via IDOR form JWT

IDOR, JWT, Bruteforce, Self-XSS, Account takeover
by @M0x0101 (Mohamed Reda)
Program: -
Published: Jun 6, 2023
Added to HackDex: Jun 6, 2023
Read Full Writeup: https://medium.com/@M0X0101/how-i-was-able-to-get-account-takeover-via-idor-form-jwt-caaf7ea58aa
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSS, Self-XSS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
API, GraphQL
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
RCE, Bruteforce
Self XSS + Login CSRF + OAuth = Account Takeover
Auth Bypass, Account takeover
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover

Built with ❤️ by Shubham Rawat