writeups.xyz / Tommaso Innocenti (@Innotommy)

Title: OAuth 2.0 Redirect URI Validation Falls Short, Literally
Vulnerabilities: OAuth, Path Confusion, Open Redirect, HTTP Parameter Pollution, Account Takeover
Programs: Atlassian, Meta / Facebook, GitHub, Microsoft, Yahoo! / Verizon Media, LinkedIn, Slack, VK, LINE, AuthDigital (Naver), OK, ORCID
Authors: Tommaso Innocenti (@Innotommy), Matteo Golinelli, Kaan Onarlioglu, Ali Mirheidari, Bruno Crispo, Engin Kirda

Title: FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies
Vulnerabilities: HTTP Request Smuggling, DoS
Programs: Undisclosed
Authors: Bahruz Jabiyev (@BahruzJabiyev), Steven Sprecher (@StevenSprecher), Anthony Gavazzi, Tommaso Innocenti (@Innotommy), Kaan Onarlioglu, Engin Kirda

Title: You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures
Vulnerabilities: Password Reset, Host Header Injection, CSRF, Account Takeover
Programs: Undisclosed
Authors: Tommaso Innocenti (@Innotommy), Ali Mirheidari, Amin Kharraz (@Amin_kharaz), Bruno Crispo, Engin Kirda