Back to directory

WRITEUP #4208

Pre-Account Takeover using OAuth Misconfiguration

OAuth

by@7he_unlucky_guy(the_unluck_guy)

Bounty

800

Program

-

Published

Nov 26, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://vijetareigns.medium.com/pre-account-takeover-using-oauth-misconfiguration-ebd32b80f3d3

▸ RELATED WRITEUPS

How I Got $250 For My Second Bug on HackerOne

OAuthSession expiration issue

AI Under Siege: Discovering and Exploiting Vulnerabilities

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

OAuthAccount takeover

Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS

Self XSS + Login CSRF + OAuth = Account Takeover

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat