WRITEUP #1607

SSO Gadgets: Escalate (Self-)XSS to ATO

OAuth, SSO, Account takeover, Self-XSS, Login CSRF
by @_lauritz_ (Lauritz Holtmann)
Program: -
Published: Feb 4, 2023
Added to HackDex: Feb 7, 2023
Read Full Writeup: https://security.lauritz-holtmann.de/post/xss-ato-gadgets/
RELATED WRITEUPS
Self XSS + Login CSRF + OAuth = Account Takeover
Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
XSS, Self-XSS
Forced SSO Session Fixation
Auth Bypass, SSO
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuth, Account takeover
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
