WRITEUP #4319

Watch your requests! Open redirect to a complete account takeover

Tags: SSRF, Path traversal, Open redirect, Account takeover
by @ninetyn1ne_ (Suraj Disoja)
Program: -
Published: Oct 5, 2020
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://ninetyn1ne.github.io/2020-10-05-open-redir-to-ato/
RELATED WRITEUPS
Directory Traversal, SQL Injection and Server-Side Request Forgery
Tags: SQL Injection, Path traversal
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough
Tags: AI / LLM, AI
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
IIS welcome page to source code review to LFI!
Tags: SSRF, LFI
