Back to directory

WRITEUP #372

Oauth Misconfiguration Leads to 0-Click ATO

Auth BypassAccount takeoverAuthentication bypassOAuth

by@0xSekiro(Muhammad Mostafa)

Program

-

Published

Apr 2, 2024

Added to HackDex

Jul 15, 2024

Read Full Writeuphttps://medium.com/@mohamed0xmuslim/oauth-misconfiguration-leads-to-0-click-ato-b407fe05fdf4

▸ RELATED WRITEUPS

Self XSS + Login CSRF + OAuth = Account Takeover

Auth BypassAccount takeover

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Account takeover on 8 years old public program

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat