WRITEUP #253

Sign-in with World ID: XSS and ATO via OIDC Form Post Response Mode

XSSOIDCAccount takeoverCSP bypassWAF bypass

by@_lauritz_(Lauritz Holtmann)

Program

Tools for Humanity (Worldcoin)

Published

Jun 19, 2024

Added to HackDex

Jul 8, 2024

Read Full Writeuphttps://security.lauritz-holtmann.de/advisories/tfh-form_post-xss-ato/

▸ RELATED WRITEUPS

Built with ❤️ by Shubham Rawat