WRITEUP #2849

Stealing cookies from subdomain leads to takeover user accounts at redacted.com

Auth BypassAccount takeoverXSS

by@0xBijan(Bijan Murmu)

Program

Published

Mar 27, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://web.archive.org/web/20220329163747/https://pwnsec.ninja/2022/03/27/stealing-cookies-from-subdomain-leads-to-takeover-user-accounts-at-redacted-com/

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

XSSSelf-XSS

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Auth BypassSSO

Account takeover on 8 years old public program

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat