Category: Cyber Security
-
Account Takeover in Android App (OTP Bypass)
Hi everyone! We are back with another interesting write-up. This time, we will share how we found an easy Account Takeover (ATO) vulnerability in an Android application during a penetration test. The app we tested was for healthcare, mainly…
-
From Cross-Subdomain Cookie Reuse to Becoming Super Admin: An Exploit Chain Walkthrough
Hey there! A few days ago, while performing a penetration test on one of our client’s applications, our team encountered a scenario that’s definitely worth sharing. It involved cross-subdomain cookie reuse, which, when…
-
OAuth-Based CSRF: Exploiting The Flaw In Implementation Of State Parameter
Hey there! A few days ago, while doing penetration testing on one of our client's assets, our team came across a scenario that is worth sharing. It was an OAuth-based CSRF that…