WRITEUP #5975

Account Takeover and Blind XSS! Go Pro, get Bugs!

IDOR, Stored XSS, Account takeover, Blind XSS
by @_tabahi (Tabahi)
Bounty: 3,500
Program: -
Published: May 30, 2018
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://blog.witcoat.com/2018/05/30/account-takeover-and-blind-xss-go-pro-get-bugs/
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
API, GraphQL
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
XSS, Self-XSS
Zomatoooo! IDOR in Saved Payments
IDOR
CSRF Bypass Using Domain Confusion Leads To ATO
CSRF, Account takeover

Built with ❤️ by Shubham Rawat