WRITEUP #6612

This OAuth Bug Earned Me $$$$: Account Takeover via Identity Injection

Bug Bounty, OAuth Misconfiguration, Authentication Bypass
by hacker_might
Program: Bugcrowd
Published: Oct 9, 2025
Added to HackDex: Mar 28, 2026
Read Full Writeup: https://medium.com/legionhunters/this-oauth-bug-earned-me-account-takeover-via-identity-injection-27774f65288c