Back to directory
WRITEUP #272

Zoom Session Takeover - Cookie Tossing Payloads, OAuth Dirty Dancing, Browser Permissions Hijacking, and WAF abuse

XSSCookie XSSCookie tossingOAuth Dirty DancingAccount takeover
by@h4r3l(Harel)
Bounty
15,000
Program
Zoom
Published
Jun 7, 2024
Added to HackDex
Jul 1, 2024
Read Full Writeuphttps://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass

Built with ❤️ by Shubham Rawat