HTML Over the Wire
googlesource.com access_token leak (Awarded $7500)
Stealing GitHub staff's access token via GitHub Actions
OAuth 2.0 Authentication Misconfiguration
draw.io CVEs
Simple CORS misconfig leads to disclose the sensitive token worth of $$$
Fun With CORS
Never underestimate the power of open redirect, a story of a full account takeover
Sensitive Data Exfiltration through XSS ($450)
Full Account Takeover via Open Redirection
OAuth and PostMessage - Chaining misconfigurations for your access token.
Bug Hunting Journey of 2021
Bypassing Identity-Aware Proxy - Google Cloud Vulnerability
Account Takeover via improper input validation
Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs
Exploiting API with AuthToken
How i got 200$ with an out of the box open redirect vulnerability
DOM based open redirect to the leak of a JWT token
OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect
Leaking OpenID tokens with “ — the bug right infront of you
Hijacking accounts by retrieving JWT tokens via unvalidated redirects
Stealing Side-Channel Attack Tokens in Facebook Account Switcher
Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining)