Back to directory
WRITEUP #4169

TikTok Careers Portal Account Takeover

CSRFOpen redirectAccount takeover
by@_lauritz_(Lauritz Holtmann)
Bounty
2,373
Program
TikTok
Published
Dec 15, 2020
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://security.lauritz-holtmann.de
RELATED WRITEUPS
CSRF Bypass Using Domain Confusion Leads To ATO
CSRFAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass

Built with ❤️ by Shubham Rawat