nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover
Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability
Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services
GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts
Vulnerability Spotlight: CVE-2023-0264
User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)
I’d TAP That Pass
OAuth 2.0 Authentication Misconfiguration
Traveling with OAuth - Account Takeover on Booking.com
Account Takeover worth of $5
draw.io CVEs
SSO Gadgets: Escalate (Self-)XSS to ATO
Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing
How i Hacked Scopely with “Sign in with Google”
Bypassing authorization in Google Cloud Workstations [Google VRP]
[ GCP 2022 ] Few bugs in the google cloud shell
Dodging OAuth origin restrictions for Firebase spelunking
Till REcollapse - Fuzzing the web for mysterious bugs
How Sigstore quickly patched an upstream vulnerability
Bugcrowd — Tale of multiple misconfigurations!! ❌
Account hijacking using "dirty dancing" in sign-in OAuth-flows
CVE-2022-25262 | JetBrains Hub single-click SAML response takeover
Full Account Takeover via Open Redirection
OAuth and PostMessage - Chaining misconfigurations for your access token.
Facebook Oauth bypass