Infosec Blog

NinetyNine


Infosec | Tech | Bug Bounty

Watch your requests!

open redirect to a complete account takeover

Posted on October 5, 2020

Recently, while testing a web application, I discovered multiple vulnerabilities that, when chained together, could have allowed anyone to take over the victim's account. The affected company's name is replaced with “target” for the sake of confidentiality. This blog post details how these vulnerabilities were discovered, chained, and exploited.
Tags: ssrf bugbounty ato graphql

© NinetyNine  •  2021