WRITEUP #4653

IDOR in session cookie leading to Mass Account Takeover

Tags: IDOR, Account takeover
by @zonduu1 (Zonduhackerone)
Bounty: 2,000
Program: -
Published: May 29, 2020
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://zonduu.medium.com/idor-in-session-cookie-leading-to-mass-account-takeover-d815ff3732d5

RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover (API, GraphQL)
Interesting Story of an Account Takeover Vulnerability (Auth Bypass, Account takeover)
Self-XSS to ATO via Site Features (XSS, Self-XSS)
Zomatoooo! IDOR in Saved Payments (IDOR)
CSRF Bypass Using Domain Confusion Leads To ATO (CSRF, Account takeover)
