Back to directory
WRITEUP #2393

Defeat the HttpOnly flag to achieve Account Takeover | RXSS

XSSReflected XSSAccount takeover
by@timooon107(Mohamed Tarek)
Program
-
Published
Aug 10, 2022
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://mohamedtarekq.medium.com/defeat-the-httponly-flag-to-achieve-account-takeover-rxss-c16849d3d192
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass

Built with ❤️ by Shubham Rawat