Back to directory

WRITEUP #2704

Forging OAuth tokens using discovered client id and client secret

ReconInformation disclosureAccount takeover

by@AshrafBasyoni4(Basyouni)

Program

-

Published

May 12, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://basyounii.medium.com/forging-oauth-tokens-using-discovered-client-id-and-client-secret-d224e4e7892a

▸ RELATED WRITEUPS

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

ReconMissing authentication

P3 (Medium) : How I Gain Access To NASA's Internal Workspace?!

ReconInformation disclosure

How I Got Bugs From Google Dorks

ReconInformation disclosure

How I can easily get four P1 at NASA using Simple Google Dorking.

ReconInformation disclosure

$1600 Bounty on a Main Domain

ReconSession fixation

Built with ❤️ by Shubham Rawat