WRITEUP #4953

Account takeover via HTTP Request Smuggling

Auth Bypass, HTTP request smuggling, Account takeover, Open redirect, Internal header disclosure
by @_hipotermia_ (hipotermia)
Program: -
Published: Jan 3, 2020
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://hipotermia.pw/bb/http-desync-account-takeover
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass, 2FA / MFA bypass
Forced SSO Session Fixation
Auth Bypass, SSO
Account takeover on 8 years old public program
Auth Bypass, Account takeover
$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover
Auth Bypass, Account takeover

Built with ❤️ by Shubham Rawat