ioc[.]one - OSINT Cyber Threat Intelligence Database

Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability

Tags

country:	China
attack-pattern:	Javascript - T1059.007 Server - T1583.004 Server - T1584.004 Scripting - T1064 Scripting

Show in Graph

Common Information

Type	Value
UUID	b5b5d818-5c9e-4835-8de9-ffcaa10de471
Fingerprint	bd4bd99d4f37d489
Analysis status	DONE
Considered CTI value	1
Text language
Published	June 4, 2023, 8:26 a.m.
Added to db	June 4, 2023, 10:51 a.m.
Last updated	Nov. 18, 2024, 8:27 a.m.
Headline	Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability
Title	Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability
Detected Hints/Tags/Attributes	35/2/21

Source URLs

	Redirection	Url
Details	Source	https://medium.com/@mrhavit/breaking-tiktok-our-journey-to-finding-an-account-takeover-vulnerability-b0646aba1c4b?source=rss------cybersecurity-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	167	✔	Cybersecurity on Medium	https://medium.com/feed/tag/cybersecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	11	tiktok.com
Details	Domain	1	go.onelink.me
Details	Domain	3	ads.tiktok.com
Details	Domain	24	www.tiktok.com
Details	Domain	49	xhr.open
Details	Domain	1	rqlu5n70d1zgnxxbz3xzlq09b0hr5ntc.oastify.com
Details	File	2	user.inf
Details	File	1	account.config
Details	File	2	asd.js
Details	sha1	1	b5d324d197693fd0ab0f5bde42020d3f91feb5bb
Details	sha1	1	64588d019065e001fa8e7abdd884581c10770400
Details	IPv4	6	113.0.0.0
Details	IPv4	1442	127.0.0.1
Details	Url	4	https://tiktok.com
Details	Url	1	https://go.onelink.me/bauo
Details	Url	1	https://go.onelink.me/mrhavit
Details	Url	1	https://ads.tiktok.com/i18n/login/?_extra=cgxhdgzvcm09dglrdg9rjmxvz2lux2fjdglvbj1yzwrpcmvjdczzag93x2jpbmrfzxjyb3i9dhj1zszzag93x2xvz291dd10cnvljm9yawdpbj1odhrwczovl2fkcy50awt0b2suy29tl2kxog4vbg9naw4vjnvzzxjfc2v0dgluz19zdgf0dxm9dhj1zszyzwrpcmvjdd1odhrwcyuzqsuyriuyrmfkcy50awt0b2suy29tjtjgate4biuyrmhvbwulmkymznjvbv9wywdlpwxvz2lu&state=b5d324d197693fd0ab0f5bde42020d3f91feb5bb&state=b5d324d197693fd0ab0f5bde42020d3f91feb5bb
Details	Url	9	https://www.tiktok.com
Details	Url	1	https://www.tiktok.com/auth/authorize?client_key=aw8cb3204x0a1g88&response_type=code&scope=user.info.basic,user.info.email,user.info.phone,user.info.showcase,video.list.no_watermark,video.list.private_ads.no_watermark,user.account.configure,video.list.manage,live.list,comment.list,comment.list.manage&version=1&lang=en&state=b5d324d197693fd0ab0f5bde42020d3f91feb5bb&redirect_uri=https://ads.tiktok.com/i18n/login/?_extra=cgxhdgzvcm09dglrdg9rjmxvz2lux2fjdglvbj1yzwrpcmvjdczzag93x2jpbmrfzxjyb3i9dhj1zszzag93x2xvz291dd10cnvljm9yawdpbj1odhrwczovl2fkcy50awt0b2suy29tl2kxog4vbg9naw4vjnvzzxjfc2v0dgluz19zdgf0dxm9dhj1zszyzwrpcmvjdd1odhrwcyuzqsuyriuyrmfkcy50awt0b2suy29tjtjgate4biuyrmhvbwulmkymznjvbv9wywdlpwxvz2lu&state=b5d324d197693fd0ab0f5bde42020d3f91feb5bb&error_uri=https://ads.tiktok.com/i18n/login/?_extra=cgxhdgzvcm09dglrdg9rjmxvz2lux2fjdglvbj1yzwrpcmvjdczzag93x2jpbmrfzxjyb3i9dhj1zszzag93x2xvz291dd10cnvljm9yawdpbj1odhrwczovl2fkcy50awt0b2suy29tl2kxog4vbg9naw4vjnvzzxjfc2v0dgluz19zdgf0dxm9dhj1zszyzwrpcmvjdd1odhrwcyuzqsuyriuyrmfkcy50awt0b2suy29tjtjgate4biuyrmhvbwulmkymznjvbv9wywdlpwxvz2lu&state=b5d324d197693fd0ab0f5bde42020d3f91feb5bb
Details	Url	1	http://127.0.0.1:5500/asd.js
Details	Url	1	https://www.tiktok.com/passport/open/web/auth/?client_key=aw8cb3204x0a1g88&scope=user.info.basic,user.info.phone,video.list.manage,comment.list,live.list,video.list.private_ads.no_watermark,user.account.configure,user.info.showcase,user.info.email,video.list.no_watermark,comment.list.manage&aid=1459&source=web&redirect_uri=https://ads.tiktok.com/blablablabla