Back to directory
WRITEUP #4178

Exploiting new-era of Request forgery on mobile applications

CSRFAccount takeover
by@dPhoeniixx(Sayed Abdelhafiz)
Program
Pinterest
Published
Dec 11, 2020
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://web.archive.org/web/20210508050717/http://dphoeniixx.com/2020/12/13-2/
RELATED WRITEUPS
CSRF Bypass Using Domain Confusion Leads To ATO
CSRFAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass

Built with ❤️ by Shubham Rawat