all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How I Leak Other’s Access Token by Exploiting Evil Deeplink Flaw

Add to bookmarks
March 13, 2023, 9:32 a.m. | Crisdeo Nuel Siahaan

InfoSec Write-ups - Medium infosecwriteups.com

Introduction

Deep linking has become a crucial aspect of modern mobile app development, allowing for seamless navigation within and between apps. However, this seemingly flawless feature of deep linking can become a point of exploitation due to misconfigurations in many Android apps.

In this article, I’m going to talk about deep linking and the bug I found that allowed me to steal another user’s access token. So, let’s just begin.

What the deeplink doin?

Have you ever clicked on a …

access access token android bug bounty deeplink exploiting flaw infosec leak token

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Hack Stories: Hacking Hackers EP:3 3 hours ago | infosecwriteups.com
big bug bounty cybersecurity hack +9
Mastering Shodan Search Engine 1 day, 4 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity information security +1
Email Verification Bypass via Remember Me 1 day, 4 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking pentesting +1
Exploiting Symlinks: A Deep Dive into CVE-2024–28185 and CVE-2024–28189 of Judge0 Sandboxes 1 day, 4 hours ago | infosecwriteups.com
attacks code code execution continue +15
Typo Trouble: Exploring the Telegram Python RCE Vulnerability 1 day, 4 hours ago | infosecwriteups.com
address alerts application concept +25
Active DNS Recon using AXIOM 1 day, 4 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
Information Disclosure: Story of 500€ + 400$ Bounty 1 day, 4 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking information technology +1
Demystifying Password Cracking: Attacks and Defence Strategies 1 day, 4 hours ago | infosecwriteups.com
cybersecurity ethical hacking hacking infosec +1
Race Condition and Broken Access Control on Developer Dashboard 1 day, 4 hours ago | infosecwriteups.com
access access control broken access control can +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Threat Analyst

@ Peraton | Morrisville, NC, United States
View on infosec-jobs.com

Kyndryl Offensive Security Professional - Threat-Led Penetration Testing (TLPT) and Red Teaming

@ Kyndryl | Sao Paulo (KBR51645) WeWork Office
View on infosec-jobs.com

Consultant en Cyber Sécurité - Spécialiste PKI H/F

@ Devoteam | Levallois-Perret, France
View on infosec-jobs.com

Cloud Security Architect - Advisor (Remote)

@ Fannie Mae | Reston, VA, United States
View on infosec-jobs.com

OT Cybersecurity Engineer

@ SBM Offshore | Bengaluru, IN, 560071
View on infosec-jobs.com
View more jobs