all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How I got Access to Auth0 Management API !!

Add to bookmarks
Oct. 29, 2023, 7:01 p.m. | Tarun Koyalwar

InfoSec Write-ups - Medium infosecwriteups.com

How I got Access to Auth0 Management API !!

Recently, while hunting on a private bug bounty program I got full API Access to target’s Auth0 Management API. This was my first comeback vuln/bounty after taking a pause from Bug Bounty Hunting.

https://medium.com/media/265d7f51a2c7e2c3b537df3f86cac459/href

Target and Initial Steps

Target was a staging env for which I had some credentials assigned. Let’s assume the target was `stage.application.hunt`. It was a basic SPA built using React and the backend I believe is NodeJS …

auth0 bug bounty cybersecurity infosec writeup

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

AWS S3 Bucket Misconfiguration Exposes PII and Documents of Job Seekers 2 days, 7 hours ago | infosecwriteups.com
bug bounty cloud cybersecurity india +1
Honeypots 101: A Beginner’s Guide to Honeypots 3 days, 8 hours ago | infosecwriteups.com
art attacker attackers attacks +19
No Dev Team? No Problem: Writing Malware and Anti-Malware With GenAI 3 days, 19 hours ago | infosecwriteups.com
ai anti-malware can companies +29
The Diamond Model: Simple Intelligence-Driven Intrusion Analysis 4 days, 8 hours ago | infosecwriteups.com
analysis continue cyber cybersecurity +18
Analysis of Competing Hypotheses: How to Find Plausible Answers 4 days, 8 hours ago | infosecwriteups.com
analysis continue cybersecurity discover +10
Devvortex Hackthebox Walkthrough 4 days, 8 hours ago | infosecwriteups.com
cybersecurity htb htb-walkthrough htb-writeup +1
Port Scanning for Bug Bounties 4 days, 8 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
How I Accidentally Discovered an Insecure Direct Object Reference (IDOR) Vulnerability on Coursera 4 days, 8 hours ago | infosecwriteups.com
article certificate coursera cybersecurity +15
TryHackMe - Mr. Robot CTF 4 days, 8 hours ago | infosecwriteups.com
ctf linux security tryhackme

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority
View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France
View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico
View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States
View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX
View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs