Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3648 | Mail.Ru Ext.B Scope Account Takeover [ $1500 ] | Account takeover, OAuth | Mail.ru | Myo Min Thu (@myominthu1337) | Bug Bounty | 2020-02-25 | 2023-06-13 |
| 3364 | How i hacked worldwide ZOOM users | OAuth, Account takeover | Zoom | s3c (@s3c_krd) | Bug Bounty | 2020-06-27 | 2023-06-13 |
| 3274 | Pre-Access to Victim’s Account via Facebook Signup | OAuth, Account takeover | NA | Akshansh Jaiswal (@Akshanshjaiswl) | Bug Bounty | 2020-07-28 | 2023-06-13 |
| 3251 | Vulnerability in new TouchID feature put iCloud accounts at risk of being breached | OAuth, Account takeover | Apple | Thijs Alkemade (@xnyhps) | Bug Bounty | 2020-08-03 | 2023-06-13 |
| 3173 | Never Give Up, The Story Behind a Dupe-To-Triaged XSS | OAuth, Account takeover | NA | Alan Brian (@soyelmago) | Bug Bounty | 2020-09-06 | 2023-06-13 |
| 3131 | 5 Ways to do Account Takeover in a Single Website | Account takeover, Lack of rate limiting, OTP bypass, IDOR, OAuth, JWT | NA | letmeslidein (@VasuYadaav) | Bug Bounty | 2020-09-27 | 2023-06-13 |
| 3062 | An often overlooked Oauth misconfiguration. | OAuth | NA | VipItHunter (@VipItHunter1) | Bug Bounty | 2020-11-01 | 2023-06-13 |
| 3059 | CVE-2020-13294 | Authentication flaw, OpenID Connect, OAuth | GitLab | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2020-11-01 | 2023-06-13 |
| 3052 | Story of a Pre-Account Takeover | Account takeover, OAuth | NA | Kushal Dhakal (@dhakal0kushal) | Bug Bounty | 2020-11-06 | 2023-06-13 |
| 3014 | Bypassing the Redirect filters with 7 ways | Open redirect, OAuth | NA | ElMahdi Mrhassel (@ElMrhassel) | Bug Bounty | 2020-11-19 | 2023-06-13 |
| 3003 | Pre-Account Takeover using OAuth Misconfiguration | OAuth | NA | the_unluck_guy (@7he_unlucky_guy) | Bug Bounty | 2020-11-26 | 2023-06-13 |
| 2840 | How I was able to Turn a XSS into a Account Takeover | Web cache poisoning, Stored XSS, Account takeover, OAuth, Logic flaw | NA | Josh Fam (@Pullerze) | Bug Bounty | 2021-02-03 | 2023-06-13 |
| 2814 | OAuth Misconfiguration Leads to Full Account takeover | OAuth, Clickjacking, CSRF, Account takeover | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2701 | OAuth Misconfiguration found in small time-window of attack | OAuth | NA | Muhammad Aamir (@Muhammad__Aamir) | Bug Bounty | 2021-03-20 | 2023-06-13 |
| 2616 | Got Nice catch by Google | OAuth, Open redirect, CSRF | Google | Parth Desani (@DesaniParth) | Bug Bounty | 2021-04-22 | 2023-06-13 |
| 2592 | Facebook account takeover due to unsafe redirects after the OAuth flow | OAuth, Open redirect, Account takeover | Meta / Facebook | Youssef Sammouda (@samm0uda) | Bug Bounty | 2021-04-30 | 2023-06-13 |
| 2523 | How I hacked a Target again and again… | OAuth, Account takeover, XSS, Broken Access Control | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-05-27 | 2023-06-13 |
| 2383 | Mattermost Server v5.32 > v5.36 Reflected XSS in OAuth flow | Reflected XSS, OAuth | Mattermost | zi0Black (@zi0Black) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2375 | Information Disclosure to Account Takeover | Information disclosure, OAuth, Account takeover, Authentication bypass | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-07-28 | 2023-06-13 |
| 2372 | How I could have hacked your medium account by phishing your FB, Twitter & Google credentials. | Open redirect, OAuth | Medium | Renganathan (@IamRenganathan) | Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2290 | Oauth client secret leak and possible IDOR leading to PII Disclosure | IDOR, OAuth, Information disclosure | NA | Monke (@pmofcats) | Bug Bounty | 2021-08-26 | 2023-06-13 |
| 2219 | This is why you shouldn’t trust your Federated Identity Provider | OAuth, Account takeover, Authentication bypass | NA | Soufiane Habti (@wld_basha) | Bug Bounty | 2021-09-15 | 2023-06-13 |
| 2098 | Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri | OAuth, Prototype pollution | GitHub, Microsoft, StackExchange | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2021-11-06 | 2023-06-13 |
| 2063 | Exploiting OAuth: Journey to Account Takeover | Account takeover, OAuth, XSS, Weak CSP, CSRF | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2021-11-19 | 2023-06-13 |
| 1958 | Bypassing Identity-Aware Proxy - Google Cloud Vulnerability | Authorization flaw, Token leak, OAuth | Google | SebLu | Bug Bounty | 2021-12-30 | 2023-06-13 |