References
- Portswigger: Authentication
- How I earned $500 from Google - Flaw in Authentication
- How I By-pass the login page and 2FA authentication…..
- Authentication_token_bypass Leads Too_idor
- My First Bug Bounty — 2 Factor Authentication Bypass
- Two Factor Authentication Bypass [ $50 ]
- Touch ID Authentication Bypass on Evernote and Dropbox IOS Apps
- OK Google: bypass the authentication!
- Authentication Bypass
- BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! 😎
- [ BUG BOUNTY ] Flaw in Authentication ( Hall of Fame Google )
- How I bypassed 2 Factor Authentication
- OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect
- Two-Factor Authentication Bypass
- Broken Authentication — Bug Bounty
- Instagram Multi-factor authentication Bypass
- Authentication bypass in NodeJS application — a bug bounty story
- Symantec Messaging Gateway authentication bypass
- Bypassing Authentication Using Javascript Debugger.
- Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC
- ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC
- Authentication bypass in Cisco Meraki
- Bypassing Google’s authentication to access their Internal Admin panels
- Slack SAML authentication bypass
- Authentication bypass on Uber’s Single Sign-On via subdomain takeover
- Authentication bypass on Airbnb via OAuth tokens theft
- From JS to another JS files lead to authentication bypass
- Inspect Element leads to Stripe Account Lockout Authentication Bypass
- Authentication bypass on Ubiquity’s Single Sign-On via subdomain takeover
- A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)
- Bypassing Google Authentication on Periscope’s Administration Panel
- Facebook OAuth Framework Vulnerability
- OTP Verification Bypass (response edit)
- Full account takeover via reset password function
- Password Reset Vulnerability (Poisoning)
- Password Reset Vulnerability — Full Account takeover (Insecure Direct Object Reference)
- How I was able to bypass OTP code requirement in Razer [The story of a critical bug]
- Bypassing GitHub’s OAuth flow
- Analysis of Two Newly Patched Kubernetes Vulnerabilities
- How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)
- Hijacking Accounts By Retrieving Jwt Tokens Via Unvalidated Redirects
- A Curious Case From Little To Complete Email Verification Bypass
- Bypass HackerOne 2FA requirement and reporter blacklist
- How I bypassed 2-Factor Authentication in a bug bounty program
- SAML Bug in Github worth $15,000
- Yahoo Bug Bounty: Exploiting OAuth Misconfiguration To Takeover Flickr Accounts
- Paypal 2FA Bypass