WRITEUP #2534

Account hijacking using "dirty dancing" in sign-in OAuth-flows

OAuth, Account takeover, OAuth Dirty Dancing
by @fransrosen (Frans Rosén)
Program: -
Published: Jul 7, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://labs.detectify.com/2022/07/06/account-hijacking-using-dirty-dancing-in-sign-in-oauth-flows/
RELATED WRITEUPS
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuth, Account takeover
Self XSS + Login CSRF + OAuth = Account Takeover
Auth Bypass, Account takeover
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
XSS, Self-XSS
How I Got $250 For My Second Bug on HackerOne
OAuth, Session expiration issue
