Relatively straightforward OAuth hijack/account takeover flow, with one interesting aspect in actually performing the login with the hijacked OAuth code.
A long, fairly beginner friendly post about attacking a Bluetooth lock; there is a lot of process information here as it was an intern's research project. What the vulnerability comes down to, though, is a lack of any real authorization checking: the lock only validates the integrity (poorly!) of the request and trusts that the app did all the heavy lifting.
A bit of research on leaking access tokens from OAuth2/OIDC flows. In all cases you already need a cross-site scripting vulnerability to exist on the host receiving the callback, but it does present an interesting case of escalating two often unimportant issues, a self-XSS and a Login CSRF, into an account takeover.
Starts off with an exposed activity in the KAYAK app, ends up with session hijacking.
A total of either issues impacting various companies in the automotive industry, a mix of issues from simple SQL injection to some interesting Single Sign On (SSO) implementation decisions.
The title is all you really need on this one: the OTP was reflected in the cookies, so there was no need to actually receive it.
A number of bugs in Tailscale leading to an RCE chain.