How I was able to Turn a XSS into A Account Takeover
Feb. 26, 2023, 1:10 p.m. | Josh Fam
InfoSec Write-ups - Medium infosecwriteups.com
To begin, this is a vulnerability that I found during a bug bounty engagement. I would split this into two parts, or two separate vulnerabilities. The first part was a web cache poisoning via X Headers. This part allowed me to achieve XSS on every endpoint with a combination of two headers. The next part was an OAuth flow flaw that allowed me to leverage my previously given XSS capabilities into an …