AmirMohammad Safari's banner
AmirMohammad Safari's profile picture

AmirMohammad Safari

@AmirMSafari8,132 subscribers

Part-time bug hunter, full-time thinker of thoughts nobody asked for

Shorts

We’ve created a lab to demonstrate how an OAuth token can be leaked using a referrer policy override. Check out the article and try the lab here

We’ve created a lab to demonstrate how an OAuth token can be leaked using a referrer policy override. Check out the article and try the lab here

27,523 Aufrufe

In our NahamCon talk, we demonstrated how punycode email addresses can impact OAuth implementations. MySQL + GitLab OAuth by default can lead to zero-click account takeover. 🔍 Check out the demo app here:

In our NahamCon talk, we demonstrated how punycode email addresses can impact OAuth implementations. MySQL + GitLab OAuth by default can lead to zero-click account takeover. 🔍 Check out the demo app here:

23,153 Aufrufe

Videos

LIVE
1.2k

Anya Rossi

sweetdream.ai

SweetDream.aiSponsoredLivecam
Streaming Now

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

HD live stream
Exclusive private shows
1.2k viewers online

Free preview available • Premium content

My challenge is actually based on a bug I found in Apollo Server; in its default configuration, it uses the same blacklist-based approach to prevent CSRF. I was able to bypass it and use it as an XS-Leak in default configs. I’ll be writing a detailed write-up soon about it :)
0:36
AmirMSafari's profile picture

My challenge is actually based on a bug I found in Apollo Server; in its default configuration, it uses the same blacklist-based approach to prevent CSRF. I was able to bypass it and use it as an XS-Leak in default configs. I’ll be writing a detailed write-up soon about it :)

AmirMohammad Safari

27,140 Aufrufe • vor 2 Monaten

Keine weiteren Inhalte verfügbar