Back to directory
WRITEUP #5121

[Case Study] OAuth Misconfiguration leads to Account Takeover

OAuthAccount takeover
by@0xgaurang(Gaurang Bhatnagar)
Program
-
Published
Sep 21, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://medium.com/@0xgaurang/case-study-oauth-misconfiguration-leads-to-account-takeover-d3621fe8308b
RELATED WRITEUPS
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuthAccount takeover
Self XSS + Login CSRF + OAuth = Account Takeover
Auth BypassAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
How I Got $250 For My Second Bug on HackerOne
OAuthSession expiration issue

Built with ❤️ by Shubham Rawat