WRITEUP #1116

Critical vulnerability on TP-Link service or how I got 0$

Tags: IDOR, Account verification bypass, Information disclosure, Account takeover
by @novoselov_s (Serj Novoselov)
Program: TP-Link
Published: Jun 1, 2023
Added to HackDex: Feb 1, 2024
Read Full Writeup: https://infosecwriteups.com/critical-finding-on-tp-link-service-or-how-i-got-0-fc86a0e52eaf
RELATED WRITEUPS
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
Tags: Recon, Missing authentication
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Tags: Cloud, RCE
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
Tags: API, GraphQL
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
