Back to directory
WRITEUP #1145

Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

OAuthAccount takeover
by@AviadCarmel(Aviad Carmel)
Program
ExpoCodeacademy.com
Published
May 24, 2023
Added to HackDex
May 29, 2023
Read Full Writeuphttps://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
RELATED WRITEUPS
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuthAccount takeover
Self XSS + Login CSRF + OAuth = Account Takeover
Auth BypassAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
How I Got $250 For My Second Bug on HackerOne
OAuthSession expiration issue

Built with ❤️ by Shubham Rawat