Back to directory

WRITEUP #49

CSRF Bypass Using Domain Confusion Leads To ATO

CSRFAccount takeover

byOsama Aly

Bounty

4,000

Program

-

Published

Aug 28, 2024

Added to HackDex

Sep 4, 2024

Read Full Writeuphttps://infosecwriteups.com/csrf-bypass-using-domain-confusion-leads-to-ato-ac682dd17722

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

XSSReflected XSS

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Vulnerabilities in Homepage Dashboard

Built with ❤️ by Shubham Rawat