WRITEUP #5719

Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining)

Auth Bypass, Open redirect, Token leak, Account takeover
by @protector47 (Muhammad Asim Shahzad)
Bounty: 1,200
Program: -
Published: Nov 3, 2018
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://web.archive.org/web/20201030131757/https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass, 2FA / MFA bypass
Forced SSO Session Fixation
Auth Bypass, SSO
Account takeover on 8 years old public program
Auth Bypass, Account takeover
$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover
Auth Bypass, Account takeover

Built with ❤️ by Shubham Rawat