WRITEUP #3240

Exploiting OAuth: Journey to Account Takeover

Auth Bypass, Account takeover, OAuth, XSS, Weak CSP, CSRF
by @zombie007o (Aditya Dixit)
Program: -
Published: Nov 19, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://blog.dixitaditya.com/2021/11/19/account-takeover-chain.html
RELATED WRITEUPS
Self XSS + Login CSRF + OAuth = Account Takeover
Auth Bypass, Account takeover
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
XSS, Self-XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSS, Reflected XSS
CSRF Bypass Using Domain Confusion Leads To ATO
CSRF, Account takeover
