writeups.xyz / Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining)

Submitter : c2a

Date: 3 November 2018

Bounty : 1,200

Vulnerabilities :

• Open Redirect
• Token Leak
• Account Takeover

Programs :

• Undisclosed

Authors :

• Muhammad Asim Shahzad (@Protector47)

Link :
https://web.archive.org/web/20201030131757/https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567