Race Condition Authentication Bypass leads to Full Account Takeover
Oauth Misconfiguration Leads to 0-Click ATO
FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk
OpenStack Admin Account Takeover due to Unsafe Environment Handling in MuranoPL
Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data
Cross Window Forgery: A Web Attack Vector
Account Takeover [It Looked Secure at First]
Hacking Microsoft and Wix with Keyboard Shortcuts
CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover
Null Byte on Steroids
ChatGPT Account Takeover - Wildcard Web Cache Deception
Chaining IDOR and Host Header can takeover 18 Billion of users account
Multiple Vulnerabilities On GestSup 3.2.44
Understanding GitLab EE/CE Account TakeOver (CVE-2023-7028)
IDN Homograph Attack - Reborn of the Rare Case
How I was able to takeover any account (Zero-click ATO)
Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise
Account takeover vulnerability that resulted in $2500 bounty!
Duplicate CSRF… Leads to
From an Innocent Client-Side Path Traversal to Account Takeover
One Scheme to Rule Them All: OAuth Account Takeover
Account takeover through register functionnality
Hijacking OAuth Code via Reverse Proxy for Account Takeover
$7000 Bounty on a Single Web Application
XSS on the Oauth callback URL with CSP bypass leading to zero-click account takeover