WRITEUP #2984

Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover

Tags: Cloud, AWS misconfiguration, Account takeover
by @cyber01_ (Preetham Bomma)
Program: -
Published: Feb 14, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://infosecwriteups.com/hacking-aws-cognito-misconfiguration-to-zero-click-account-takeover-36a209a0bd8a
RELATED WRITEUPS
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Tags: Cloud, RCE
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
CSRF Bypass Using Domain Confusion Leads To ATO
Tags: CSRF, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Tags: Auth Bypass, 2FA / MFA bypass
