WRITEUP #2083

Fall account takeover via Amazon Cognito misconfiguration

IDOR, Account takeover
by @iknowhatodo0x01 (Hossam Ahmed)
Program
-
Published
Oct 13, 2022
Added to HackDex
Oct 17, 2022
Read Full Writeup: https://medium.com/@iknowhatodo/fall-account-takeover-via-amazon-cognito-misconfiguration-ba5975b06c24
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
API, GraphQL
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
XSS, Self-XSS
Zomatoooo! IDOR in Saved Payments
IDOR
CSRF Bypass Using Domain Confusion Leads To ATO
CSRF, Account takeover
