Authentication Bypass Writeups

https://0xsha.io/posts/exploiting-magic-links-critical-bugs-are-one-line-away
https://ahussam.me/Vine-Reauth-Bypass/
https://artkond.com/2018/10/10/symantec-authentication-bypass/
https://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html
https://blog.intothesymmetry.com/2018/02/bug-bounty-left-over-and-rant-part-iii.html
https://blog.securitybreached.org/2017/12/10/how-i-was-able-to-takeover-facebook-account-bug-bounty-poc/
https://blog.securitybreached.org/2018/09/10/sqli-login-bypass-autotraders/
https://blog.yappare.com/2017/06/from-js-to-another-js-files-lead-to.html
https://blog.yappare.com/2017/08/accidentally-typo-to-bypass.html?m=1
https://bugbounty.blog/2018/09/18/facebook-750-reward-for-a-simple-bug/
https://bugbountypoc.com/instagram-account-is-reactivated-without-entering-2fa/
https://clever-idi0t.com/2019/02/07/how-i-was-able-to-dump-sqldb-simple-bug/
https://daleys.space/writeup/0day/2019/09/09/verizon-leak.html
https://gauravnarwani.com/two-factor-authentication-bypass/
https://github.com/setuid0-sec/Swiss_E-Voting_Publications
https://lightningsecurity.io/blog/password-not-provided/
https://medium.com/@0xBarakat/broken-session-permanent-access-to-facebook-users-cfed68684113
https://medium.com/@Vibhurushi_Chotaliya/password-bypass-and-something-else-cded0847c9df
https://medium.com/@_bl4de/authentication-bypass-in-nodejs-application-a-bug-bounty-story-d34960256402
https://medium.com/@abidafahd/how-i-was-able-to-hunt-a-rare-bug-in-a-private-program-caec0ebaef7f
https://medium.com/@agrawalsmart7/how-i-hacked-74k-users-of-a-website-869e8a0b319
https://medium.com/@aungpyaehackeronetester/two-factor-authentication-bypass-50-5b397e68cfed
https://medium.com/@bathinivijaysimhareddy/shodan-is-your-friend-if-you-lose-him-you-will-lose-many-657d07472f75
https://medium.com/@danangtriatmaja/bug-bounty-flaw-in-authentication-get-hall-of-fame-google-6196726ee5b9
https://medium.com/@dortz/how-did-i-bypass-a-custom-brute-force-protection-and-why-that-solution-is-not-a-good-idea-4bec705004f9
https://medium.com/@hackerb0y/rest-framework-admin-panel-bypass-and-how-i-recon-for-this-vulnerability-a0ee41b01102
https://medium.com/@himanshu_pdy/ldap-admin-account-bypassed-2cc8b264d66e
https://medium.com/@jeppe.b.weikop/getting-lucky-in-bug-bounty-shamelessly-profiting-off-of-others-work-89bae985ba00
https://medium.com/@logicbomb_1/bugbounty-user-account-takeover-i-just-need-your-email-id-to-login-into-your-shopping-portal-7fd4fdd6dd56
https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1
https://medium.com/@manralhemant10/how-i-bypassed-2-factor-authentication-899750421331
https://medium.com/@mustafakhan_89646/asuss-admin-panel-auth-bypass-af5062584ddf
https://medium.com/@ozguralp/using-vulnerability-analytics-feature-like-a-boss-655fc1f1543b
https://medium.com/@pig.wig45/touch-id-authentication-bypass-on-evernote-and-dropbox-ios-apps-7985219767b2
https://medium.com/@r99tiq/how-i-hacked-basf-company-3b75ef39c74f
https://medium.com/@rojanrijal/source-code-analysis-in-ysurvey-luminate-bug-c86dc29b70c4
https://medium.com/@santoshbrl5/facebook-new-account-verification-bypass-c589017f2faf
https://medium.com/@ultranoob/weird-and-simple-2fa-bypass-without-any-test-b869e09ac261
https://medium.com/@vishnu0002/instagram-multi-factor-authentication-bypass-924d963325a1
https://medium.com/@yassergersy/access-to-staging-environment-via-user-agent-string-23470546577f
https://medium.com/@zseano/its-all-in-the-detail-email-leak-account-takeover-thanks-to-waybackmachine-extensive-4be365580dd7
https://medium.com/bugbountywriteup/adminer-script-results-to-pwning-server-private-bug-bounty-program-fe6d8a43fe6f
https://medium.com/bugbountywriteup/broken-authentication-bug-bounty-5c941a4a5f48
https://medium.com/bugbountywriteup/bug-bounty-mail-ru-234fa6f5a5a
https://medium.com/bugbountywriteup/bugbounty-i-dont-need-your-current-password-to-login-into-your-account-how-could-i-e51a945b083d
https://medium.com/bugbountywriteup/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3
https://medium.com/clouddevops/bugbounty-how-i-cracked-2fa-two-factor-authentication-with-simple-factor-brute-force-a1c0f3a2f1b4
https://medium.com/japzdivino/bypass-hackerone-2fa-requirement-and-reporter-blacklist-46d7959f1ee5
https://medium.com/sourav-sahana/bypass-mobile-pin-verification-d2c571afa3aa
https://mohitdabas.wordpress.com/2018/09/18/bypassing-authentication-using-javascript-debugger/
https://noobe.io/articles/2019-09/exploiting-cookie-based-xss-by-finding-rce
https://pwnsec.ninja/2019/09/14/how-i-found-a-simple-and-weird-account-takeover-bug/
https://pwnsec.ninja/2020/03/04/bug-bounty-catches-part-1/
https://seekurity.com/blog/2016/02/12/admin/write-ups/eset-broken-authentication-vulnerability
https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues
https://techblog.mediaservice.net/2020/01/ok-google-bypass-the-authentication/
https://tutorgeeks.blogspot.com/2019/05/security-assessment-on-staging-domains.html
https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/
https://www.arneswinnen.net/2016/11/authentication-bypass-on-sso-ubnt-com-via-subdomain-takeover-of-ping-ubnt-com/
https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
https://www.arneswinnen.net/2017/06/authentication-bypass-on-ubers-sso-via-subdomain-takeover/
https://www.digitalinterruption.com/single-post/2018/01/04/ToyTalkBugBountyWriteup
https://www.jonbottarini.com/2017/04/03/inspect-element-leads-to-stripe-account-lockout-authentication-bypass/
https://www.randorisec.fr/client-side-validation/
https://wwws.nightwatchcybersecurity.com/2019/02/14/third-party-android-app-storing-facebook-data-insecurely/
https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/