WRITEUP #3261

chaining improper authentication to idor and no rate limit for mass account takeover

Auth BypassAccount takeoverLack of rate limitingCSRFIDOR

Program

Published

Nov 12, 2021

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://tox7cv3nom.github.io/2021/11/12/chaining-of-csrf-token-misconfiguration-and-no-rate-limit-leads-to-mass-account-takeover.html

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

CSRF Bypass Using Domain Confusion Leads To ATO

CSRFAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Auth BypassSSO

Account takeover on 8 years old public program

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat