WRITEUP #1470

Traveling with OAuth - Account Takeover on Booking.com

OAuth, Account takeover, Authentication bypass, Open redirect
by @AviadCarmel (Aviad Carmel)
Program: Booking.com, KAYAK
Published: Mar 2, 2023
Added to HackDex: Mar 3, 2023
Read Full Writeup: https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com