Cobalt Vulnerability Wiki


V4 - Access Control

OAuth Account Takeover


1.) Sign in to a Facebook-linked account.

2.) Visit:

3.) You'll be redirected to and your access_token will be leaked.

4.) Now start an incognito session and visit:

5.) You should be signed in to the Facebook-linked account now.
