How I got Access to Auth0 Management API !! | allinfosecnews.com

Oct. 29, 2023, 7:01 p.m. | Tarun Koyalwar

InfoSec Write-ups - Medium infosecwriteups.com

How I got Access to Auth0 Management API !!

Recently, while hunting on a private bug bounty program I got full API Access to target’s Auth0 Management API. This was my first comeback vuln/bounty after taking a pause from Bug Bounty Hunting.

https://medium.com/media/265d7f51a2c7e2c3b537df3f86cac459/href

Target and Initial Steps

Target was a staging env for which I had some credentials assigned. Let’s assume the target was `stage.application.hunt`. It was a basic SPA built using React and the backend I believe is NodeJS …

auth0 bug bounty cybersecurity infosec writeup

More from infosecwriteups.com / InfoSec Write-ups - Medium

Subdomain takeover via AWS s3 bucket 4 days, 5 hours ago | infosecwriteups.com

attacker attackers aws aws s3 +18

Understanding the CrowdStrike 2024 Global Threat Report 4 days, 5 hours ago | infosecwriteups.com

adversaries analysis assets critical +25

Prevent Cross-Site Scripting Attacks in Node.js 4 days, 5 hours ago | infosecwriteups.com

attacks continue cross-site cybersecurity +14

HTB: Bizness walkthrough 4 days, 5 hours ago | infosecwriteups.com

cybersecurity hackthebox htb htb-writeup +1

HTB Business CTF 2024 — Submerged (Fullpwn)— Write-up 4 days, 5 hours ago | infosecwriteups.com

ctf ctf-writeup cybersecurity ethical hacking +1

CozyHosting HTB Easy | Walkthrough 4 days, 5 hours ago | infosecwriteups.com

ctf ctf-writeup hacking hackthebox +1

Blind SQL Injection: Uncovering Administrator Password One Character at a Time-Lab9 4 days, 5 hours ago | infosecwriteups.com

admin burpsuite hacking portswigger +1

Unlocking Superpowers: How to Gain Root Access in Ubuntu and Defeat ‘User not sudoers’ Error 4 days, 5 hours ago | infosecwriteups.com

access administration elevate error +15

All About API Security Pentesting 4 days, 5 hours ago | infosecwriteups.com

api security api security testing bug bounty owasp-api-security-top-10 +1

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com