WRITEUP #901

Cross-Tenant Information Disclosure: Unraveling Microsoft Connections, Custom Connectors, and OAuth 2.0 in Power Automate

OAuthCross-tenant vulnerability

by@Fatnass1F1ras(Firas Fatnassi)

Program

Microsoft

Published

Aug 4, 2023

Added to HackDex

Aug 8, 2023

Read Full Writeuphttps://fatnassifiras.medium.com/cross-tenant-information-disclosure-unraveling-microsoft-connections-custom-connectors-and-oauth-6487321d28b3

▸ RELATED WRITEUPS

How I Got $250 For My Second Bug on HackerOne

OAuthSession expiration issue

AI Under Siege: Discovering and Exploiting Vulnerabilities

AI / LLMAI

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

OAuthAccount takeover

Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS

XSSOAuth

Self XSS + Login CSRF + OAuth = Account Takeover

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat