Posts
-
Zero-day in Sign in with Apple
-
Account Takeover Due to Misconfigured Login with Facebook/Google
Of the mobile applications that use Login with Facebook or Login with Google, I’ve found that more than 70% of them suffer from a misconfiguration in validating the tokens at their backend, which leads to account takeover.
-
Zomato Account Takeover using Victim's Facebook ID
This was an issue I reported to Zomato a few months back, where an attacker could have compromised the account of any user who had linked their Facebook with Zomato. And since most people use Login with Facebook nowadays, I was actually able to gain access to over 1000s of user accounts.
-
Extracting Sensitive PII From a Tracking Number in Grab Parcel
While checking out the Grab Parcel website, I found a link that looked a bit suspicious to me as it was from a different domain.