Back to directory

WRITEUP #6496

How I hacked Github again.

Auth BypassOpen redirectAccount takeoverInformation disclosure

by@homakov(Egor Homakov)

Bounty

4,000

Program

GitHub

Published

Feb 7, 2014

Added to HackDex

Sep 15, 2022

Read Full Writeuphttp://homakov.blogspot.com/2014/02/how-i-hacked-github-again.html

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

ReconMissing authentication

$1600 Bounty on a Main Domain

ReconSession fixation

Forced SSO Session Fixation

Built with ❤️ by Shubham Rawat