writeups.xyz / Zoom Session Takeover - Cookie Tossing Payloads, OAuth Dirty Dancing, Browser Permissions Hijacking, and WAF abuse

Submitter : c2a

Date: 7 June 2024

Bounty : 15,000

Vulnerabilities :

• XSS
• Cookie XSS
• Cookie Tossing
• OAuth Dirty Dancing
• Account Takeover

Programs :

• Zoom

Authors :

• Harel (@H4r3l)
• Sudhanshu Rajbhar (@Sudhanshur705)
• Bruno Halltari (@BrunoModificato)

Link :
https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html