Oh-Auth - Abusing OAuth to take over millions of accounts
$9240 Bounty in 30 days Hunt Challenge
OAuth 2.0 Redirect URI Validation Falls Short, Literally
nOAuth: Account Takeover via Microsoft Oauth
$1,250 worth of Host Header Injection
Uncovering a Critical Vulnerability in Samsung Mobile Security: A Bug Bounty Journey
Insecure Authentication Tokens leading to Account Takeover
Blog: OmniSpace, from automated 0day XSS to RCE
Account hijack for anyone using Google sign-in with , due to response-type switch + leaking href to XSS on login.redacted.com
Playing Dominos with Moodle's Security (2/2)
RCE via Account Takeover
ATO | How I exploited security issue to take over admin account
Customer account takeover in Shopify stores
From Revealing Emails to Taking Over Accounts (Hacking Telecom)
0 Click ATO with the Sandwich Attack
$1000 for a simple Stored XSS
Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform
No keys attached: Exploring GitHub-to-AWS keyless authentication flaws
A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State
How Private Cache Can Lead to Mass Account Takeover – pentest case
Story of Clickjacking on Microsoft Leads To Privilege Escalation & Account Takeover Of Admin
Account (of the CEO) Takeover via Password Reset
IDN Homograph Attack and Response Manipulation - The Rarest Case
Account Takeover via Custom OTP, No User Interaction Required!
PenTales: “User enumeration is not a vulnerability” – I beg to differ