Back to directory
WRITEUP #4042

How I was able to Turn a XSS into a Account Takeover

XSSWeb cache poisoningStored XSSAccount takeoverOAuthLogic flaw
by@Pullerze(Josh Fam)
Program
-
Published
Feb 3, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://pullerjsecu.medium.com/how-i-was-able-to-turn-a-xss-into-a-account-takeover-ae0c478640e7
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
Stored XSS in LibreOffice
XSSStored XSS
Persistent XSS on Microsoft Bing.com by poisoning Bingbot indexing
XSSStored XSS
Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP
Auth BypassAccount takeover
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuthAccount takeover

Built with ❤️ by Shubham Rawat