WRITEUP #640

Google OAuth is broken (sort of)

OAuth
by @insecurenature (Dylan Ayrey)
Bounty
1,337
Program
Google, Zoom, Slack
Published
Dec 15, 2023
Added to HackDex
Jan 2, 2024
Read Full Writeup: https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
RELATED WRITEUPS
How I Got $250 For My Second Bug on HackerOne
OAuth, Session expiration issue
AI Under Siege: Discovering and Exploiting Vulnerabilities
AI / LLM, AI
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuth, Account takeover
Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS
XSS, OAuth
Self XSS + Login CSRF + OAuth = Account Takeover
Auth Bypass, Account takeover
