WRITEUP #3062

How I was able to take over accounts in websites deal with Github as an SSO provider

RCE, Bruteforce, Lack of rate limiting, SSO, Email verification bypass, Account takeover
by Khaled Mohamed
Program: -
Published: Jan 25, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://infosecwriteups.com/how-i-was-able-to-takeover-accounts-in-websites-deal-with-github-as-a-sso-provider-294290358e0c
RELATED WRITEUPS
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
RCE, Bruteforce
Forced SSO Session Fixation
Auth Bypass, SSO
Account takeover on 8 years old public program
Auth Bypass, Account takeover
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Cloud, RCE
$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover
RCE, OTP bruteforce
