Back to directory
WRITEUP #1627

Mass Account takeover by bypassing 2 FA

IDOR2FA / MFA bypassAccount takeover
by@by6153(Zeeshan Mustafa)
Program
-
Published
Jan 31, 2023
Added to HackDex
Feb 16, 2023
Read Full Writeuphttps://z-sec.co/mass-account-takeover
RELATED WRITEUPS
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
APIGraphQL
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
Self-XSS to ATO via Site Features
XSSSelf-XSS

Built with ❤️ by Shubham Rawat