Day: July 28, 2025
-
Account Takeover in Android App (OTP Bypass)
Hi everyone! We are back with another interesting write-up. This time, we will share how we found an easy Account Takeover (ATO) vulnerability in an Android application during a penetration test. The app we tested was for healthcare, mainly…
-
From Cross-Subdomain Cookie Reuse to Becoming Super Admin: An Exploit Chain Walkthrough
Hey there! A few days ago, while performing a penetration test on one of our client’s applications, our team encountered a scenario that’s definitely worth sharing. It involved cross-subdomain cookie reuse, which, when…