Back to directory

WRITEUP #2852

Bug Bounty Adventures: A NodeBB 0-day

CSRFAccount takeoverSSOBroken authentication

by@Mar0_0uane(Marouane Mouhtadi)

Program

Opera

Published

Mar 25, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://blogs.opera.com/security/2022/03/bug-bounty-adventures-a-nodebb-0-day/

▸ RELATED WRITEUPS

CSRF Bypass Using Domain Confusion Leads To ATO

CSRFAccount takeover

Forced SSO Session Fixation

Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!

Auth BypassBroken authentication

Plug Security Holes in React Apps That Can Lead to API Exploitation

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat