Back to directory

WRITEUP #2597

Alternative link

CSRFAccount takeover

by@Retr02332(Retr02332)

Bounty

3,000

Program

Yahoo! / Verizon Media

Published

Jun 16, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://retr02332.medium.com/csrf-leads-to-account-takeover-in-yahoo-aa96c678d2aa

▸ RELATED WRITEUPS

CSRF Bypass Using Domain Confusion Leads To ATO

CSRFAccount takeover

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

XSSReflected XSS

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Built with ❤️ by Shubham Rawat