WRITEUP #710

XSS on the Oauth callback URL with CSP bypass leading to zero-click account takeover

Tags: OAuth, XSS, CSP bypass, Account takeover
by @novoselov_s (Serj Novoselov)
Program
-
Published
Oct 29, 2023
Added to HackDex
Feb 1, 2024
Read Full Writeup: https://infosecwriteups.com/xss-on-the-oauth-callback-url-with-csp-bypass-leading-to-zero-click-account-takeover-c6c870b234bd
RELATED WRITEUPS
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
Tags: XSS, CSP bypass
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
Tags: OAuth, Account takeover
Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS
Tags: XSS, OAuth
Type confusion attacks in ProseMirror editors
Tags: XSS, Type confusion

Built with ❤️ by Shubham Rawat