Back to directory

WRITEUP #720

Oh-Auth - Abusing OAuth to take over millions of accounts

OAuthAccount takeover

by@AviadCarmel(Aviad Carmel)

Program

GrammarlyVidioBukalapak

Published

Oct 24, 2023

Added to HackDex

Jan 8, 2024

Read Full Writeuphttps://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts

▸ RELATED WRITEUPS

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

OAuthAccount takeover

Self XSS + Login CSRF + OAuth = Account Takeover

Auth BypassAccount takeover

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Self-XSS to ATO via Site Features

How I Got $250 For My Second Bug on HackerOne

OAuthSession expiration issue

Built with ❤️ by Shubham Rawat