Lauritz Holtmann (@_Lauritz_)

Title	Vulnerabilities	Programs	Authors
Sign-in with World ID: XSS and ATO via OIDC Form Post Response Mode	OIDC XSS Account Takeover CSP Bypass WAF Bypass	Tools for Humanity (Worldcoin)	Lauritz Holtmann (@_Lauritz_)
POST to XSS: Leveraging Pseudo Protocols to Gain JavaScript Evaluation in SSO Flows	XSS SSO SAML OIDC OAuth	OneLogin Authentik FusionAuth Keycloak MiniOrange / Xecurify LemonLDAP:NG	Lauritz Holtmann (@_Lauritz_)
SSO Gadgets II: Unauthenticated Client-Side Template Injection to Account Takeover using SSO Gadget Chain	CSTI Account Takeover SSO OIDC	Undisclosed	Lauritz Holtmann (@_Lauritz_)
SSO Gadgets: Escalate (Self-)XSS to ATO	SSO OAuth Account Takeover Self-XSS Login CSRF	Undisclosed	Lauritz Holtmann (@_Lauritz_)
Personal Access Token Disclosure in Asana Desktop Application	Information Disclosure Hardcoded Credentials	Asana	Lauritz Holtmann (@_Lauritz_)
Flickr Account Takeover	Account Takeover Broken Authentication	Flickr	Lauritz Holtmann (@_Lauritz_)
Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri	OAuth Prototype Pollution	GitHub Microsoft StackExchange	Lauritz Holtmann (@_Lauritz_)
XSS in Large Messenger and Payment App - a Shout Out to Parameter Guessing	XSS HTML Injection	Undisclosed	Lauritz Holtmann (@_Lauritz_)
TikTok Careers Portal Account Takeover	CSRF Open Redirect Account Takeover	TikTok	Lauritz Holtmann (@_Lauritz_)
CVE-2020-13294	Broken Authentication OIDC OAuth	GitLab	Lauritz Holtmann (@_Lauritz_)

Page 1 of 1