Back to directory

WRITEUP #5599

How I could have taken over any Pinterest account

CSRFAccount takeover

by@armold9anthony(Arnold Anthony)

Bounty

2,400

Program

Pinterest

Published

Jan 5, 2019

Added to HackDex

Sep 15, 2022

Read Full Writeuphttp://infosecflash.com/2019/01/05/how-i-could-have-taken-over-any-pinterest-account/

▸ RELATED WRITEUPS

CSRF Bypass Using Domain Confusion Leads To ATO

CSRFAccount takeover

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

XSSReflected XSS

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Built with ❤️ by Shubham Rawat