Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5281 | Stealing Facebook Access Tokens with a Double Submit | CSRF, OAuth | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2013-04-13 | 2023-06-13 |
| 5194 | How I Hacked [Oculus] OAuth +Ebay +IBM | Unrestricted file upload, XSS | Meta / Facebook, Ebay, IBM, AnswerHub | Abdullah Hussam (@Abdulahhusam) | Bug Bounty | 2016-02-12 | 2023-06-13 |
| 5159 | Stealing Facebook access_tokens using CSRF in device login flow | CSRF, OAuth, Information disclosure | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2016-07-19 | 2023-06-13 |
| 5141 | Internet Explorer has a URL problem | OAuth, RPO, XSS | GitHub, Google | File Descriptor (@filedescriptor) | Bug Bounty | 2016-09-06 | 2023-06-13 |
| 5138 | Bug Bounty : Account Takeover Vulnerability POC | OAuth, Account takeover, XSS | NA | Rakesh Mane (@RakeshMane10) | Bug Bounty | 2016-09-16 | 2023-06-13 |
| 5055 | Authentication bypass on Airbnb via OAuth tokens theft | OAuth, Login CSRF, Open redirect, Authentication bypass | Airbnb | Arne Swinnen (@ArneSwinnen) | Bug Bounty | 2017-06-22 | 2023-06-13 |
| 5031 | Stealing Access Token of One-drive Integration By Chaining CSRF Vulnerability | OAuth, CSRF | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-18 | 2023-06-13 |
| 4992 | Stealing 0Auth Token (MITM) | OAuth | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-09-01 | 2023-06-13 |
| 4866 | Bug bounty left over (and rant) Part III (Google and Twitter) | OAuth, Authentication flaw, Information disclosure | Google, Twitter | Antonio Sanso (@asanso) | Bug Bounty | 2018-02-06 | 2023-06-13 |
| 4678 | Finding hidden gems vol. 1: forging OAuth tokens using discovered client id and client secret | Information disclosure | NA | Mateusz Olejarka (@molejarka) | Bug Bounty | 2018-07-23 | 2023-06-13 |
| 4555 | Applying a small bypass to steal Facebook Session tokens in Uber | XSS, CSP bypass, OAuth | Uber | Samuel (@saamux) | Bug Bounty | 2018-10-02 | 2023-06-13 |
| 4495 | Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining) | Open redirect, Token leak, Account takeover | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2018-11-03 | 2023-06-13 |
| 4422 | Microsoft Account Takeover Vulnerability Affecting 400 Million Users | Subdomain takeover, OAuth | Meta / Facebook | Aviva Zacks | Bug Bounty | 2018-12-11 | 2023-06-13 |
| 4416 | #BugBounty — “User Account Takeover-I just need your email id to login into your shopping portal account” | OAuth, Authentication bypass, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-12-13 | 2023-06-13 |
| 4413 | $3k Bug Bounty - Twitter's OAuth Mistakes | OAuth | Twitter | Terence Eden (@edent) | Bug Bounty | 2018-12-14 | 2023-06-13 |
| 4359 | Oauth Misconfiguration lead to complete account takeover | CSRF, OAuth, Account takeover | NA | Jackson kv (@Jacksonkv22) | Bug Bounty | 2019-01-20 | 2023-06-13 |
| 4337 | Chaining Tricky OAuth Exploitation To Stored XSS | Stored XSS, OAuth | NA | Rohan aggarwal (@nahoragg) | Bug Bounty | 2019-01-27 | 2023-06-13 |
| 4052 | OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect | Open redirect, Token leak, Account takeover | Airbnb | Evgeniy Yakovchuk (@h1_sp1d3r) | Bug Bounty | 2019-07-10 | 2023-06-13 |
| 4012 | Story about Facebook Oauth Account Takeover | Account takeover, OAuth | iLOTTE | Zerb0a | Bug Bounty | 2019-07-26 | 2023-06-13 |
| 3973 | BookMyShow account takeover using social login | OAuth, Account takeover | BookMyShow | Sukhmeet Singh (@MadGuyyy) | Bug Bounty | 2019-08-15 | 2023-06-13 |
| 3909 | Bug or Feature? GitHub Adventure #001 | OAuth, Open redirect | NA | Dominik Opyd (@oad_earth) | Bug Bounty | 2019-09-21 | 2023-06-13 |
| 3906 | [Case Study] OAuth Misconfiguration leads to Account Takeover | OAuth, Account takeover | NA | Gaurang Bhatnagar (@0xgaurang) | Bug Bounty | 2019-09-21 | 2023-06-13 |
| 3850 | Bypassing GitHub's OAuth flow | OAuth, Authorization bypass | GitHub | Teddy Katz (@not_aardvark) | Bug Bounty | 2019-11-05 | 2023-06-13 |
| 3810 | Finding a security bug in Discord and what it taught me | OAuth | Discord | Tristan Farkas (@TristanAtFarkas) | Bug Bounty | 2019-11-24 | 2023-06-13 |
| 3774 | Abusing feature to steal your tokens | OAuth | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2019-12-17 | 2023-06-13 |