Back to directory
WRITEUP #4378

Never Give Up, The Story Behind a Dupe-To-Triaged

XSSOAuthAccount takeover
by@soyelmago(Alan Brian)
Program
-
Published
Sep 6, 2020
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://medium.com/@soyelmago/never-give-up-the-story-behind-a-dupe-to-a-triaged-43b72debb6c9
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuthAccount takeover
Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS
XSSOAuth
Self XSS + Login CSRF + OAuth = Account Takeover
Auth BypassAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat