+ Your Authors
Archive
@hackerscrolls
for hackers by hackers
Contact: [email protected]
Jun. 06, 2020
1 min read
' fill='%23000000' fill-rule='nonzero' stroke='%23000000' stroke-width='3'%3E%3Cpath d='M170.2,112.8 C170.1,111.6 169,97.1 143.2,97.7 C117.5,98.3 111.2,99.9 111.2,99.9 C111.2,99.9 92,80.4 85,65.3 C85,65.3 93.5,40.4 93.1,24.8 C92.7,9.2 89,0.2 77,0.298363889 C65,0.4 63.3,10.9 64.8,26.5 C66.2,40.5 73.5,57 73.5,57 C73.5,57 68,74.2 60.6,91.4 C53.3,108.6 48.3,117.6 48.3,117.6 C48.3,117.6 23.5,125.9 12.8,135.9 C2.1,145.9 -2.3,153.6 3.3,161.3 C8.2,167.9 25.2,169.4 40.5,149.4 C55.7,129.4 62.6,116.9 62.6,116.9 C62.6,116.9 85.9,110.5 93.1,108.8 C100.3,107.1 109.1,105.7 109.1,105.7 C109.1,105.7 130.3,127.1 150.8,126.3 C171.3,125.5 170.3,114 170.2,112.8 Z M8.6,157.9 C-4.1,150.3 35.3,126.8 42.5,126 C42.5,126 22,165.9 8.6,157.9 Z M69.2,20.9 C69.2,8.5 73.2,5.2 76.3,5.2 C79.4,5.2 82.9,6.7 83,17.4 C83.1,28.1 76.3,49.1 76.3,49.1 C74,46.6 69.2,33.2 69.2,20.9 Z M85.7,105.6 C72.9,108.7 66.5,112 66.5,112 C66.5,112 66.5,112 71.7,100.3 C76.9,88.6 82.3,72.6 82.3,72.6 C89.5,86.1 103.9,102 103.9,102 C103.9,102 98.5,102.4 85.7,105.6 Z M116.4,104.5 C116.4,104.5 158,97 158,111.2 C158,125.3 132.2,119.5 116.4,104.5 Z' id='XMLID_28_'%3E%3C/path%3E%3C/g%3E%3C/g%3E%3C/svg%3E)
You asked for something about OAuth — we did.
Here is a mindmap about hacking OAuth 2.0. We tried to cover all possible ways even with low impact.
Our inspiration was http://homakov.blogspot.com/search?q=oauth
Thanks to @homakov for outstanding articles.
#BugBountyTip #CyberSecurity #BugBounty
Also check this:
Introduction: http://medium.com/a-bugz-life/the-wondeful-world-of-oauth-bug-bounty-edition-af3073b354c1 …
Our mindmaps in XMind http://github.com/hackerscrolls/SecurityTips/tree/master/MindMaps …
Android Intent trick:
Race Condition in OAuth: http://hackerone.com/reports/55140
Twitter OAuth bug: http://hackerone.com/reports/110293
Leaking CODE: http://hackerone.com/reports/314814
You can follow @hackerscrolls.
Bookmark
____
Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.
Enjoy Threader? Sign up.
Since you’re here...
... we’re asking visitors like you to make a contribution to support this independent project. In these uncertain times, access to information is vital. Threader gets 1,000,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Your financial support will help two developers to keep working on this app. Everyone’s contribution, big or small, is so valuable. Support Threader by becoming premium or by donating on PayPal. Thank you.
