OAuth and PostMessage
Chaining misconfigurations for your access token.
Tl;DR;
[Read More]
Watch your requests!
open redirect to a complete account takeover
Recently, while testing a web application, I discovered multiple vulnerabilities that on chaining together could have allowed anyone to take over the Victim account. The affected company name is interchanged with “target” for the sake of confidentiality. The blog would detail how these vulnerabilities were discovered, chained, and exploited.
[Read More]