A request that isn't vulnerable until you make it twice. Definitely an interesting edge case that a lot of testing might overlook...
A curious account takeover and one-time-password (OTP) bypass vulnerability has been identified. During the signup process, users receive an OTP sent to their email address...
A lot of wrong turns, eventually leading to some parameter brute forcing and the discovery of an `href` param when submitting a Forgot Password request. The `href` value would be used to craft the forgot password link with the actual token appended to it that is reflected in the Forgot Password email...
Relatively straightforward OAuth hijack/account takeover flow with one interesting aspect in actually performing the login with the hijacked OAuth code.
A long, fairly beginner-friendly post about attacking a Bluetooth lock. There is a lot of process information here, as it was an intern's research project. What the vulnerability comes down to, though, is a lack of any real authorization checking: only the integrity of the request is validated (poorly!), and the app is trusted to have done all the heavy lifting.
A bit of research on leaking access tokens from OAuth2/OIDC flows. In all cases you already need a cross-site scripting vulnerability to exist on the host receiving the callback. It does present an interesting case of escalating two often unimportant issues, a self-XSS and a Login CSRF, into an account takeover, though.
Starts off with an exposed activity in the KAYAK app, ends up with session hijacking.
A total of eight issues impacting various companies in the automotive industry, a mix of issues from simple SQL injection to some interesting Single Sign On (SSO) implementation decisions.
The title is all you really need on this one: the OTP was reflected in the cookies, so there was no need to actually receive it.
A number of bugs in Tailscale leading to an RCE chain.