WRITEUP #6296

Let’s steal some tokens!

Tags: CSRF, XSS, Account takeover
by @Zombiehelp54 (Mahmoud Gamal)
Bounty: 1,000
Program: Google, Shopify
Published: Jun 11, 2017
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://www.seekurity.com/blog/general/lets-steal-some-tokens
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSS, Self-XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSS, Reflected XSS
CSRF Bypass Using Domain Confusion Leads To ATO
CSRF, Account takeover
How Almost Sacrificing a University Group Project led to a Microsoft Bug Bounty
XSS, CSRF
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover

Built with ❤️ by Shubham Rawat