Back to directory
WRITEUP #2383

Identity Confusion in WebView-based Mobile App-in-app Ecosystems

OtherAndroidiOS
byLei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang & Min Yang
Bounty
2,500
Program
Alipay
Published
Aug 11, 2022
Added to HackDex
Oct 2, 2022
Read Full Writeuphttps://www.usenix.org/conference/usenixsecurity22/presentation/zhang-lei
RELATED WRITEUPS
Data Theft in Salesforce: Manipulating Public Links
OtherSOQL injection
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff
OtherSSTI
Ghost In The Ppl Part 1: Byovdll
OtherUse-After-Free
Part 2: From Byovdll To Arbitrary Code Execution In Lsass
OtherUse-After-Free

Built with ❤️ by Shubham Rawat