About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Zomato Account Takeover via Facebook Id- 194

Bhavuk JainPosted 5 Years Ago
  • Zomato has a login with Facebook feature. These feature was not implemented properly.
  • By changing the Facebook Id on the request, it bypassed the login for the user entirely!
  • Note: This hacker has found several very bad authentication bugs in third party apps and in mobile logins. I feel that mobile logins are not well scrutinized; there are probably quite a bit of things to look at here.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed