TikTok | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability	XSS Account Takeover OAuth	TikTok	Mrhavit Const
Imperva Red Team Discovers Vulnerability in TikTok That Can Reveal User Activity and Information	PostMessage	TikTok	Ron Masas (@RonMasas)
How I Found an Insecure Direct Object Reference in TikTok	IDOR	TikTok	Mrhavit
Stored XSS at https://www.tiktok.com/ the name of the attacker’s account carrying XSS payload will be triggered when the victim Send Video	Stored XSS	TikTok	Aidil Arief
Tag Myself in Your Favorite TikTok Artist Video [IDOR]	IDOR	TikTok	Apapedulimu / Nosa Shandy (@LocalHost31337)
Vulnerability in TikTok Android app could lead to one-click account hijacking	Insecure Deeplink Android	TikTok	Microsoft 365 Defender Research Team
XSS Blind Stored at 2 Assets TikTok	XSS	TikTok	Aidil Arief
XSS Blind Stored at Asset Domain Android Apps TikTok	Stored XSS	TikTok	Aidil Arief
A Tale of Confusing IDOR	IDOR	TikTok	Avi (@_Naaash_)
Multiple vulnerability leading to account takeover in TikTok SMB subdomain.	IDOR	TikTok	Ahmad a Abdulla (@Lu3ky13)
Subdomain Takeover via Leadpages Services on Tiktok	Subdomain Takeover	TikTok	Mohamed Haron (@M7mdharon)
How I hacked worldwide Tiktok users	IDOR	TikTok	S3c (@S3c_krd)
TikTok for Android 1-Click RCE	RCE XSS Insecure Intent Android	TikTok	Sayed Abdelhafiz (@DPhoeniixx)
TikTok Careers Portal Account Takeover	CSRF Open Redirect Account Takeover	TikTok	Lauritz Holtmann (@_Lauritz_)
TikTok fixes privacy issue discovered by Check Point Research	Information Disclosure	TikTok	Eran Vaknin Alon Boxiner

Page 1 of 1