Back to directory

WRITEUP #1311

Steal authentication token with one-click on misconfigured WebView.

Auth BypassAndroidWebviewAccount takeover

by@0xWise(Kerolos A. Saber)

Bounty

3,000

Program

-

Published

Apr 8, 2023

Added to HackDex

Apr 24, 2023

Read Full Writeuphttps://0xwise.medium.com/are-clicking-links-safe-f7cfcae2e421

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Account takeover on 8 years old public program

Auth BypassAccount takeover

$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat