Interesting Story of an Account Takeover Vulnerability
Self-XSS to ATO via Site Features
CSRF Bypass Using Domain Confusion Leads To ATO
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
Forced SSO Session Fixation
Account takeover on 8 years old public program
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
The Butterfly Effect: Turning Overlooked Misconfigurations into Zero Click Account Takeover
Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!
Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP
Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover
Self XSS + Login CSRF + OAuth = Account Takeover
Vulnerabilities In CocoaPods Open The Door To Supply Chain Attacks Against Thousands Of iOS And MacOS Applications
Sign-in with World ID: XSS and ATO via OIDC Form Post Response Mode
Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped
Zoom Session Takeover - Cookie Tossing Payloads, OAuth Dirty Dancing, Browser Permissions Hijacking, and WAF abuse
How a Single Parameter Led to Two ATO Cases
Real World GitLab Account Take Over
How I was able to discover ATO Via IDOR vulnerability
Unsecured Content Provider leads to Account Takeover
Taking over accounts in multiple ways
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 1