References
- Portswigger: OAuth
- Pre-Account Takeover using OAuth Misconfiguration
- An often overlooked Oauth misconfiguration.
- Vulnerability – Account takeover using OAuth Misconfiguration
- Facebook OAuth Framework Vulnerability
- Bypassing GitHub’s OAuth flow
- [Case Study] OAuth Misconfiguration leads to Account Takeover
- Story about Facebook Oauth Account Takeover
- OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect
- Chaining Tricky OAuth Exploitation To Stored XSS
- Oauth Misconfiguration lead to complete account takeover
- $3k Bug Bounty - Twitter’s OAuth Mistakes
- Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining)
- Finding hidden gems vol. 1: forging OAuth tokens using discovered client id and client secret
- Authentication bypass on Airbnb via OAuth tokens theft
- How I Hacked [Oculus] OAuth +Ebay +IBM
- Open URL redirects to grab FB OAuth Tokens