Back to directory
WRITEUP #6194

Yahoo Bug Bounty: Exploiting OAuth Misconfiguration To Takeover Flickr Accounts

OAuthAccount takeover
byMichael Reizelman
Bounty
4,000
Program
Yahoo! / Verizon Media
Published
Oct 12, 2017
Added to HackDex
Feb 1, 2024
Read Full Writeuphttps://mishresec.wordpress.com/2017/10/12/yahoo-bug-bounty-exploiting-oauth-misconfiguration-to-takeover-flickr-accounts/
RELATED WRITEUPS
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuthAccount takeover
Self XSS + Login CSRF + OAuth = Account Takeover
Auth BypassAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
How I Got $250 For My Second Bug on HackerOne
OAuthSession expiration issue

Built with ❤️ by Shubham Rawat