This topic describes some ways for inducing victims to log into an attacker’s account on the Internet, which can result in some vulnerabilities and attack scenarios.Meanwhile, this topic will also mention how to fix it.This kind of security risk is often overlooked, while it can provide important help for some use of vulnerabilities, even combining some of the low-risk vulnerabilities or features of CSRF, selfxss, OAuth, and SSO, etc. to steal login credentials, bind third-party backdoors accounts, steal privacy, access others’ resources, conduct phishing attacks and implement fraudulent use of identity, etc.
Network ID: Daizibukaikou. He is skillful in web security and once worked for Internet companies such as Sina, Nokia, Meituan, and Xiaomi on information security. He is currently working for Antfin as a security expert, and is responsible for the system and network security.