session-fixation

3 articles
sort: new top best
clear filter
bug-bounty448 google354 microsoft311 facebook262 xss238 apple179 malware174 rce149 exploit124 bragging-post101 cve99 account-takeover93 phishing83 csrf79 privilege-escalation77 supply-chain65 stored-xss65 authentication-bypass63 dos60 browser57 reflected-xss57 react50 cloudflare49 cross-site-scripting48 reverse-engineering48 input-validation48 access-control47 aws45 docker45 smart-contract45 node44 sql-injection43 ethereum43 web343 defi42 web-security42 web-application41 ssrf38 burp-suite35 idor34 vulnerability-disclosure34 info-disclosure33 race-condition33 html-injection33 cloud32 writeup32 oauth32 buffer-overflow32 smart-contract-vulnerability32 information-disclosure30
0 5/10
Authentication bypass on SSO ubnt.com via Subdomain takeover of ping.ubnt.com
vulnerability

A subdomain takeover of ping.ubnt.com via unclaimed Amazon CloudFront distribution combined with shared session cookies across *.ubnt.com subdomains enabled complete authentication bypass of Ubiquity's SSO system. The vulnerability was responsibly disclosed via HackerOne.

subdomain-takeover authentication-bypass sso cloudfront session-fixation cookie-sharing ubiquity
Ubiquity ubnt.com ping.ubnt.com sso.ubnt.com Amazon Cloudfront HackerOne Arne Swinnen
arneswinnen.net · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details
0 9/10
UBER turning self XSS to good XSS
bug-bounty

A researcher escalated a self-XSS vulnerability on Uber's Partners portal into a cross-user XSS attack by chaining three separate issues: leveraging missing CSRF protection in the OAuth login flow and logout endpoint, combined with CSP manipulation and iframe-based session hijacking to execute arbitrary JavaScript in a victim's context and exfiltrate sensitive data.

xss self-xss csrf oauth bug-chaining csp-bypass clickjacking session-fixation uber bug-bounty
Uber partners.uber.com login.uber.com fin1te
whitton.io · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details
0 8/10
Obtaining XSS using moodle featured and minor bugs
vulnerability

A technique to escalate self-XSS in Moodle into full XSS against arbitrary users by exploiting double session cookies with different paths combined with login CSRF or impersonation functionality, allowing arbitrary JavaScript execution in victim context for full account compromise.

xss cross-site-scripting self-xss csrf login-csrf session-fixation cookie-manipulation moodle privilege-escalation authentication-bypass html-injection javascript-execution browser-behavior php-security
Moodle Daniel Thatcher Chrome Firefox BurpSuite PHP
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details