Back to directory
WRITEUP #5027

The AccountTakeOver Killing Chain

Auth BypassAccount takeoverCSRFSelf-XSS
by@xhzeem(أنس روبي)
Program
-
Published
Nov 23, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://web.archive.org/web/20200511012319/https://medium.com/@xhzeem/the-accounttakeover-killing-chain-6ba23f4c9d4
RELATED WRITEUPS
Self XSS + Login CSRF + OAuth = Account Takeover
Auth BypassAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
CSRF Bypass Using Domain Confusion Leads To ATO
CSRFAccount takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass

Built with ❤️ by Shubham Rawat