WRITEUP #3566

Slides

CSRF, Password reset, Host header injection, Account takeover
by @innotommy (Tommaso Innocenti)
Program: -
Published: Jul 26, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://innotommy.com/You’ve_Got_(a_Reset)_Mail-Slide.pdf
