WRITEUP #366

How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 1

XSS, DOM XSS, Account takeover, OAuth
by @Benasin3 (Benasin)
Bounty: 8,000
Program: -
Published: Apr 6, 2024
Added to HackDex: Aug 6, 2024
Read Full Writeup: https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-1/
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSS, Self-XSS
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuth, Account takeover
Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS
XSS, OAuth
Self XSS + Login CSRF + OAuth = Account Takeover
Auth Bypass, Account takeover
Lessons Learned From Exposing Unusual XSS Vulnerabilities
XSS, DOM XSS

Built with ❤️ by Shubham Rawat