Imgur disclosed on HackerOne: Login to any user account using other...

Vulnerable Url: https://api.imgur.com/generatetoken/thirdpartynativeandroid?type=facebook Vulnerable Param: access_token Attck: Hacker can build own facebook app and get victim's facebook access token and use that access token to login into imgur account POC: https://drive.google.com/file/d/0B9bnr9ZtF2QsYktlRVFPUDB2SmM/view?usp=sharing Prevention: Validate access token and check app id is...

23 Jul 2017 ... Vulnerable Url: https://api.imgur.com/generatetoken/thirdpartynativeandroid?type =facebook Vulnerable Param: access_token Attck: Hacker can ...

Lee mas