WRITEUP #3714

How I hacked a Target again and again…

OAuth, Account takeover, XSS, Broken Access Control
by @0cirius0 (Aditya Verma)
Program: -
Published: May 27, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://cirius.medium.com/how-i-hacked-a-target-again-and-again-6db2e462221f
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSS, Self-XSS
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuth, Account takeover
Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS
XSS, OAuth
Self XSS + Login CSRF + OAuth = Account Takeover
Auth Bypass, Account takeover
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
