from Hacker News

Researchers took over Booking.com accounts using a legitimate Facebook link

by aviCC on 3/2/23, 10:33 PM with 1 comment

The vulnerability exists in OAuth (social sign-in), used by almost every website today. If you are unfamiliar with OAuth, the post (in the first comment) explains it step-by-step with detailed diagrams.