WRITEUP #2592

How I hacked one of the biggest Airline in the world

IDOR, Account takeover, Broken authorization
by @Sazouki_ (Dali Jandro)
Program: -
Published: Jun 18, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://medium.com/@sazouki/how-i-hacked-one-of-the-biggest-airline-in-the-world-e7810dc43791
RELATED WRITEUPS
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
Recon, Missing authentication
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
API, GraphQL
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
XSS, Self-XSS
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
RCE, Forced browsing
