Hi everyone, it’s Yasser again,
First of all, I wanted to thank you all for sharing my last write-up. I got a lot of positive responses, so I decided to write about another nice finding that I found lately.
I was testing a mobile application written in React Native for a private program on HackerOne about 5 months ago.
During my server-side testing I didn’t find a lot of functions, but as always I was working on developing a similar application as a school project, and I had some problems with synchronization, so while testing the 2FA functionality I was…
Hi everyone, my name is Yasser (AKA Neroli in CTFs) and I wanted to share this finding with you :)
Since it’s a private program on Bugcrowd, I will call it example.com.
Let’s start.
While I was testing this target, I wanted to test the OAuth flow, since it has a lot of misconfigurations that developers don’t recognize.
I found that the target allows users to log in either with a classic, password-based mechanism or by linking their account to a social media profile using OAuth.
So let’s test this.
First thing, I opened Burp and started…
My name is Yasser and I am a CTF player and competitive programmer. I love to build things and then break into them.