WRITEUP #1732

Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More

Auth Bypass, Account takeover, SSO, RCE, Authorization bypass, SQL injection, Mass assignment, Information disclosure
by @samwcyo (Sam Curry)
Program
Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls Royce, Ferrari, Spireon, Ford, Reviver, Porsche, Toyota, Jaguar, Land Rover, SiriusXM
Published
Jan 3, 2023
Added to HackDex
Jan 6, 2023
Read Full Writeup: https://samcurry.net/web-hackers-vs-the-auto-industry/
RELATED WRITEUPS
Forced SSO Session Fixation
Auth Bypass, SSO
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Cloud, RCE
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass, 2FA / MFA bypass
Vulnerabilities in Homepage Dashboard
RCE, SSRF
