Back to directory

WRITEUP #3257

Exploiting CSP in Webkit to Break Authentication & Authorization

ReconInformation disclosureCSP leakAccount takeover

by@sachinnthakuri(Sachin Thakuri)

Bounty

100,000

Program

Apple

Published

Nov 13, 2021

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://threatnix.io/blog/exploiting-csp-in-webkit-to-break-authentication-authorization/

▸ RELATED WRITEUPS

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

ReconMissing authentication

P3 (Medium) : How I Gain Access To NASA's Internal Workspace?!

ReconInformation disclosure

How I Got Bugs From Google Dorks

ReconInformation disclosure

How I can easily get four P1 at NASA using Simple Google Dorking.

ReconInformation disclosure

$1600 Bounty on a Main Domain

ReconSession fixation

Built with ❤️ by Shubham Rawat