Bypassing Identity-Aware Proxy - Google Cloud Vulnerability
Exploiting OAuth: Journey to Account Takeover
Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri
Account Takeover via improper input validation
This is why you shouldn’t trust your Federated Identity Provider
Oauth client secret leak and possible IDOR leading to PII Disclosure
How I could have hacked your medium account by phishing your FB, Twitter & Google credentials.
Information Disclosure to Account Takeover
Mattermost Server v5.32 > v5.36 Reflected XSS in OAuth flow
How I hacked a Target again and again…
Account takeover of Instagram accounts due to unrestricted permissions of third-party application’s generated tokens
Facebook account takeover due to unsafe redirects after the OAuth flow
Got Nice catch by Google
Facebook account takeover due to a bypass of allowed callback URLs in the OAuth flow
OAuth Misconfiguration found in small time-window of attack
OAuth Misconfiguration Leads to Full Account takeover
How I was able to Turn a XSS into a Account Takeover
Pre-Account Takeover using OAuth Misconfiguration
Bypassing the Redirect filters with 7 ways
Story of a Pre-Account Takeover
An often overlooked Oauth misconfiguration.
CVE-2020-13294
5 Ways to do Account Takeover in a Single Website
Never Give Up, The Story Behind a Dupe-To-Triaged
Vulnerability in new TouchID feature put iCloud accounts at risk of being breached