Back to directory

WRITEUP #1395

OAuth 2.0 Authentication Misconfiguration

OAuthAccount takeoverOpen redirectToken leak

by@minometidjii(Mohamed Lakhdar Metidji)

Program

-

Published

Mar 16, 2023

Added to HackDex

Mar 18, 2023

Read Full Writeuphttps://medium.com/@minometidji/oauth-authentication-misconfiguration-cb43c3b3ec24

▸ RELATED WRITEUPS

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

OAuthAccount takeover

Self XSS + Login CSRF + OAuth = Account Takeover

Auth BypassAccount takeover

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

How I Got $250 For My Second Bug on HackerOne

OAuthSession expiration issue

Built with ❤️ by Shubham Rawat