Back to directory
WRITEUP #306

POST to XSS: Leveraging Pseudo Protocols to Gain JavaScript Evaluation in SSO Flows

XSSSSOSAMLOIDCOAuth
by@_lauritz_(Lauritz Holtmann)
Program
OneLoginAuthentikFusionAuthKeycloakMiniOrange / xecurifyLemonLDAP:NG
Published
May 10, 2024
Added to HackDex
May 11, 2024
Read Full Writeuphttps://security.lauritz-holtmann.de/post/sso-security-redirect-uri-iii/
RELATED WRITEUPS
Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS
XSSOAuth
Self-XSS to ATO via Site Features
XSSSelf-XSS
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass

Built with ❤️ by Shubham Rawat