Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1849 | Facebook Oauth bypass | OAuth | Meta / Facebook | abdellah yaala (@yaalaab) | Bug Bounty | 2022-02-05 | 2023-06-13 |
| 1791 | OAuth and PostMessage - Chaining misconfigurations for your access token. | OAuth, postMessage, Token leak | NA | Suraj Disoja (@ninetyn1ne_) | Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1674 | Write Up – Finapi (Open Banking API) Oauth Credentials Exposed In Plain Text In Android App | Hardcoded credentials, Android | NA | Omar Espino (@omespino) | Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1615 | Full Account Takeover via Open Redirection | Open redirect, Token leak, Account takeover, OAuth | NA | vFlexo (@vflexo) | Bug Bounty | 2022-04-17 | 2023-06-13 |
| 1583 | CVE-2022-25262 \| JetBrains Hub single-click SAML response takeover | Authorization flaw, SAML, OAuth | JetBrains | Yurii Sanin (@SaninYurii) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1556 | Forging OAuth tokens using discovered client id and client secret | Information disclosure, Account takeover | NA | Basyouni (@AshrafBasyoni4) | Bug Bounty | 2022-05-12 | 2023-06-13 |
| 1549 | Stealing Google Drive OAuth tokens from Dropbox | CSRF, SSRF, Account takeover | Dropbox | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2022-05-17 | 2023-06-13 |
| 1395 | Account hijacking using "dirty dancing" in sign-in OAuth-flows | OAuth, Account takeover | NA | Frans Rosén (@fransrosen) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1271 | 2FA Bypass via Google Identity & OAuth Login | MFA bypass, Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-08-07 | 2023-06-13 |
| 1003 | Bugcrowd — Tale of multiple misconfigurations!! | Account takeover, OAuth, OTP bypass, Password reset | NA | Vaibhav Lakhani | Bug Bounty | 2022-10-04 | 2023-06-13 |
| 845 | How Sigstore quickly patched an upstream vulnerability | OAuth, Account takeover, Phishing | Sigstore, dex | Joern Schneeweisz | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 785 | Dodging OAuth origin restrictions for Firebase spelunking | OAuth, Security misconfiguration, Authentication flaw | NA | Aditya Saligrama (@saligrama_a) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 594 | Bypassing authorization in Google Cloud Workstations [Google VRP] | Account takeover, OAuth, URL validation bypass | Google | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2023-01-13 | 2023-06-13 |
| 553 | How i Hacked Scopely with “Sign in with Google” | Account takeover, CORS misconfiguration, Client-side enforcement of server-side security, OAuth | Scopely | Ph.Hitachi | Bug Bounty | 2023-01-23 | 2023-06-13 |
| 497 | SSO Gadgets: Escalate (Self-)XSS to ATO | SSO, OAuth, Account takeover, Self-XSS, Login CSRF | NA | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2023-02-04 | 2023-06-13 |
| 398 | draw.io CVEs | SSRF, OAuth, Open redirect, Token leak, Security code review | draw.io | @caioluders | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 391 | Account Takeover worth of $5 | OAuth, Account takeover | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 366 | Traveling with OAuth - Account Takeover on Booking.com | OAuth, Account takeover, Authentication bypass, Open redirect | Booking.com, KAYAK | Aviad Carmel (@AviadCarmel) | Bug Bounty | 2023-03-02 | 2023-06-13 |
| 294 | OAuth 2.0 Authentication Misconfiguration | OAuth, Account takeover, Open redirect, Token leak | NA | Mohamed Lakhdar Metidji (@minometidjii) | Bug Bounty | 2023-03-16 | 2023-06-13 |
| 256 | I’d TAP That Pass | Azure AD, Cloud, OAuth | NA | Daniel Heinsen (@hotnops) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 197 | User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264) | OAuth, OpenID Connect, Privilege escalation, Authentication flaw | Keycloak | Jordi Zayuelas i Muñoz | Bug Bounty | 2023-04-14 | 2023-06-13 |
| 178 | Vulnerability Spotlight: CVE-2023-0264 | OpenID Connect, OAuth, Authentication flaw, Privilege escalation, Security code review | Keycloak | Timo Müller (@mtimo44) | Bug Bounty | 2023-04-19 | 2023-06-13 |
| 171 | GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts | Cloud, OAuth, Authorization bypass | Google (GCP) | Astrix Security (@AstrixSecurity) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 60 | Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services | OAuth, Account takeover | Expo, Codeacademy.com | Aviad Carmel (@AviadCarmel) | Bug Bounty | 2023-05-24 | 2023-06-13 |
| 29 | Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability | XSS, Account takeover, OAuth | TikTok | mrhavit | Bug Bounty | 2023-06-04 | 2023-06-13 |