Back to directory

WRITEUP #257

Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped

OAuthiOSURL scheme hijackingAccount takeover

by@Evan_Connelly(Evan Connelly)

Program

-

Published

Jun 17, 2024

Added to HackDex

Jul 1, 2024

Read Full Writeuphttps://evanconnelly.github.io/post/ios-oauth/

▸ RELATED WRITEUPS

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

OAuthAccount takeover

Self XSS + Login CSRF + OAuth = Account Takeover

Auth BypassAccount takeover

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

How I Got $250 For My Second Bug on HackerOne

OAuthSession expiration issue

Built with ❤️ by Shubham Rawat