Back to directory
WRITEUP #2250

Turning cookie based XSS into account takeover

XSSAccount takeover
by@_bergee_(Bartłomiej Bergier)
Bounty
500
Program
Terrahost
Published
Sep 6, 2022
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://bergee.it/blog/turning-cookie-based-xss-into-account-takeover/
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass

Built with ❤️ by Shubham Rawat