Aaron Parecki · May 27, 2019 · 8:55 PM UTC

Aaron Parecki

Aaron Parecki @aaronpk

27 May 2019

To anyone who thought partial redirect URL matching in @OAuth_2 is "good enough," read this thread. Complete Periscope account takeover just by viewing a tweet. hackerone.com/reports/110293 #oauth

Imaginary G · May 28, 2019 · 5:30 AM UTC

Imaginary G @TheHammerSpeaks

28 May 2019

Risky click?

Aaron Parecki · May 28, 2019 · 12:36 PM UTC

Aaron Parecki · May 28, 2019 · 12:36 PM UTC

Aaron Parecki @aaronpk

28 May 2019

Replying to @TheHammerSpeaks @oauth_2

but not that tweet 😉

May 28, 2019 · 12:36 PM UTC