WRITEUP #3496

Account Takeover via Access Token Leakage

Tags: IDOR, Information disclosure, Account takeover
by @tuhin1729_ (Tuhin Bose)
Program: -
Published: Aug 19, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://tuhin1729.medium.com/account-takeover-via-access-token-leakage-687276953408