Back to directory
WRITEUP #1438

Unauthorized access to Codespace secrets in GitHub

Logic BugLogic flawBroken Access ControlAccount takeover
by@OphionSecurity(Ophion Security)
Program
GitHub
Published
Mar 7, 2023
Added to HackDex
Mar 8, 2023
Read Full Writeuphttps://ophionsecurity.com/blog/access-organization-secrets-in-github
RELATED WRITEUPS
Logic Flaw: I Can Block You from Accessing Your Own Account
Logic BugLogic flaw
“Like” Bypass on Customer Reviews — €500 bounty
Logic BugLogic flaw
Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP
Auth BypassAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS

Built with ❤️ by Shubham Rawat