Back to directory
WRITEUP #726

Alternative link

OAuthPath confusionOpen redirectHTTP parameter pollutionAccount takeover
by@innotommy(Tommaso Innocenti)
Program
AtlassianMeta / FacebookGitHubMicrosoftYahoo! / Verizon MediaLinkedInSlackVKLINEAuthDigital (Naver)OKORCID
Published
Oct 18, 2023
Added to HackDex
Aug 6, 2024
Read Full Writeuphttps://dl.acm.org/doi/pdf/10.1145/3627106.3627140
RELATED WRITEUPS
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
OAuthAccount takeover
Self XSS + Login CSRF + OAuth = Account Takeover
Auth BypassAccount takeover
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
How I Got $250 For My Second Bug on HackerOne
OAuthSession expiration issue

Built with ❤️ by Shubham Rawat