JOIN BREACHFORUMS TELEGRAM
[POC] Google OAuth "MultiLogin" endpoint 0-day
by Farfallaiero - Friday December 29, 2023 at 05:40 PM
I Am Become Death; Destoyer of Worlds
God
Posts: 42
Threads: 11
Joined: Oct 2023
Reputation: 250

GOD
#1
Dec 29, 2023, 05:40 PM
Informational POC


Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
Rhadamanthys, Risepro, Meduza and Stealc Stealer adopted this technique. On December 26, White Snake also implemented the exploit.

Hidden Content
You must register or login to view this content.
0D|nS3c
Reply
Breached
Member
Posts: 7
Threads: 0
Joined: Dec 2023
Reputation: 0
#2
Dec 29, 2023, 05:45 PM
Amazing discovery, thanks for sharing this!
Reply
Elite User

Posts: 146
Threads: 12
Joined: Aug 2023
Reputation: 0
#3
Jan 01, 2024, 01:21 PM
(Dec 29, 2023, 05:40 PM)Farfalla Wrote: Informational POC


Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
Rhadamanthys, Risepro, Meduza and Stealc Stealer adopted this technique. On December 26, White Snake also implemented the exploit.

really nice..
Reply
MVP User
MVP
Posts: 423
Threads: 40
Joined: Jun 2023
Reputation: 603

Lotery WinnerMVP
#4
Jan 05, 2024, 11:22 AM
(Dec 29, 2023, 05:40 PM)Farfalla Wrote: Informational POC


Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
Rhadamanthys, Risepro, Meduza and Stealc Stealer adopted this technique. On December 26, White Snake also implemented the exploit.

Why do we need to pay credits if it's available for free ?
Website
Reply
Breached
Member
Posts: 1
Threads: 0
Joined: Jan 2024
Reputation: 0
#5
Feb 08, 2024, 06:22 AM
Im gonna test this rn. I have read about this and needed to see how it works.
Reply
Breached
Member
Posts: 19
Threads: 0
Joined: Feb 2024
Reputation: 0
#6
Feb 08, 2024, 07:19 AM
lests test and see this
Reply
Breached
Member
Posts: 55
Threads: 1
Joined: Nov 2023
Reputation: 0
#7
Feb 08, 2024, 07:43 AM
thanks for the share my guy Big Grin
Reply
Breached
Member
Posts: 101
Threads: 11
Joined: Jan 2024
Reputation: 0
#8
Feb 08, 2024, 11:26 AM
Holy shit thanks man
Reply
Breached
Member
Posts: 10
Threads: 0
Joined: Aug 2023
Reputation: 0
#9
Feb 08, 2024, 05:07 PM
Thank's for the exploit
Reply
Breached
Member
Posts: 9
Threads: 0
Joined: Nov 2023
Reputation: 0
#10
Feb 08, 2024, 05:40 PM
Thanks for sharing
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  {SECRET} DATABASE OF EXPLOITS lulagain 435 26,319 10 hours ago
Last Post: DirtyEra
  New Zer0 Day Wordpress A3g00n 81 3,316 Today, 03:06 AM
Last Post: DirtyEra
  Wordpress Elementor 3.11.6 Exploit - Full Takeover TheGoodlife 102 19,680 Yesterday, 06:45 AM
Last Post: eztocard
  new wordpress website takeover vuln (video + poc ) zinzeur 314 28,309 Apr 30, 2026, 03:54 PM
Last Post: baku
  Google Dorks for finding SQL injection vulnerabilities and other security issues 1yush 66 3,159 Apr 29, 2026, 08:51 PM
Last Post: Yjuddur

Forum Jump:


 Users browsing this forum: 1 Guest(s)