WRITEUP #4333

Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call

Auth BypassAccount takeover

by@YShahinzadeh(Yashar Shahinzadeh)

Program

Published

Sep 28, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://medium.com/bugbountywriteup/taking-down-the-sso-account-takeover-in-3-websites-of-kolesa-due-to-insecure-jsonp-call-facd79732e45

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Auth BypassSSO

Account takeover on 8 years old public program

Auth BypassAccount takeover

$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat