{"author_name":"ThisIsOne","height":"190","title":"I tried translating 'How I was able to take over accounts in websites deal with Github as an SSO provider'","published":"2022-05-29 09:50:57","width":"100%","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","url":"https://cysec148.hatenablog.com/entry/2022/05/29/095057","provider_url":"https://hatena.blog","blog_url":"https://cysec148.hatenablog.com/","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fcysec148.hatenablog.com%2Fentry%2F2022%2F05%2F29%2F095057\" title=\"I tried translating 'How I was able to take over accounts in websites deal with Github as an SSO provider' - Shikata Ga Nai\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","description":"Hello there, ('\u03c9')\u30ce How I was able to take over accounts on websites that deal with Github. Vulnerabilities: brute force, lack of rate limiting, SSO bug, email verification bypass, account takeover. Article: https://infosecwriteups.com/how-i-was-able-to-takeover-accounts-in-websites-deal-with-github-as-a-sso-provider-294290358e0c Single sign-on (SSO) lets a user, using one set of credentials, securely access multiple applications and services\u2026","categories":["Bug Bounty"],"image_url":null,"provider_name":"Hatena Blog","blog_title":"Shikata Ga Nai","type":"rich","version":"1.0"}