all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How I was able to Turn a XSS into A Account Takeover

Add to bookmarks
Feb. 26, 2023, 1:10 p.m. | Josh Fam

InfoSec Write-ups - Medium infosecwriteups.com

How I was able to Turn a XSS into a Account Takeover

To begin,this is a vulnerability that I found during a bug bounty engagement.I would split this into two parts, or two separate vulnerabilities. The First part was a web cache poisoning via X Headers.This part allowed me to achieve XSS on every endpoint with a combination of two Headers.The next part was a OAuth flow flaw that allowed me to leverage my previously given XSS capabilities into an …

account account takeover bounty-program bug bounty takeover turn web application security xss xss-attack

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Private Interact.sh server setup with a web dashboard 1 day, 7 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking tools +1
Understanding 403 Bypass: A Critical Vulnerability in Web Application Security 2 days, 7 hours ago | infosecwriteups.com
403 bypass access application applications +28
Hack Stories: Hacking Hackers EP:3 3 days, 7 hours ago | infosecwriteups.com
big bug bounty cybersecurity hack +9
Mastering Shodan Search Engine 4 days, 8 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity information security +1
Email Verification Bypass via Remember Me 4 days, 8 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking pentesting +1
Exploiting Symlinks: A Deep Dive into CVE-2024–28185 and CVE-2024–28189 of Judge0 Sandboxes 4 days, 8 hours ago | infosecwriteups.com
attacks code code execution continue +15
Typo Trouble: Exploring the Telegram Python RCE Vulnerability 4 days, 8 hours ago | infosecwriteups.com
address alerts application concept +25
Active DNS Recon using AXIOM 4 days, 8 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
Information Disclosure: Story of 500€ + 400$ Bounty 4 days, 8 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking information technology +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States
View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium
View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY
View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote
View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada
View on infosec-jobs.com
View more jobs