Back to directory
WRITEUP #5026

CORS Misconfiguration to Account TakeOver [Out of scope to grab items In-Scope]

XSSCORS misconfigurationOpen redirectReflected XSSSession management issue
by@mashoud1122(Mashoud1122)
Bounty
1,500
Program
-
Published
Nov 24, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://medium.com/@mashoud1122/cors-misconfiguration-account-takeover-out-of-scope-to-grab-items-in-scope-66d9d18c7a46
RELATED WRITEUPS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Self-XSS to ATO via Site Features
XSSSelf-XSS
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass
A Story About How I Found XSS in ASUS
XSS

Built with ❤️ by Shubham Rawat