JOIN BREACHFORUMS TELEGRAM
[POC] Google OAuth "MultiLogin" endpoint 0-day
by Farfallaiero - Friday December 29, 2023 at 05:40 PM
I Am Become Death; Destoyer of Worlds
God
Posts: 42
Threads: 11
Joined: Oct 2023
Reputation: 250

GOD
#1
Dec 29, 2023, 05:40 PM
Informational POC


Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
Rhadamanthys, Risepro, Meduza and Stealc Stealer adopted this technique. On December 26, White Snake also implemented the exploit.

Hidden Content
You must register or login to view this content.
0D|nS3c
Reply
Breached
Member
Posts: 7
Threads: 0
Joined: Dec 2023
Reputation: 0
#2
Dec 29, 2023, 05:45 PM
Amazing discovery, thanks for sharing this!
Reply
Elite User

Posts: 146
Threads: 12
Joined: Aug 2023
Reputation: 0
#3
Jan 01, 2024, 01:21 PM
(Dec 29, 2023, 05:40 PM)Farfalla Wrote: Informational POC


Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
Rhadamanthys, Risepro, Meduza and Stealc Stealer adopted this technique. On December 26, White Snake also implemented the exploit.

really nice..
Reply
MVP User
MVP
Posts: 423
Threads: 40
Joined: Jun 2023
Reputation: 603

Lotery WinnerMVP
#4
Jan 05, 2024, 11:22 AM
(Dec 29, 2023, 05:40 PM)Farfalla Wrote: Informational POC


Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
Rhadamanthys, Risepro, Meduza and Stealc Stealer adopted this technique. On December 26, White Snake also implemented the exploit.

Why do we need to pay credits if it's available for free ?
Website
Reply
Breached
Member
Posts: 1
Threads: 0
Joined: Jan 2024
Reputation: 0
#5
Feb 08, 2024, 06:22 AM
Im gonna test this rn. I have read about this and needed to see how it works.
Reply
Breached
Member
Posts: 19
Threads: 0
Joined: Feb 2024
Reputation: 0
#6
Feb 08, 2024, 07:19 AM
lests test and see this
Reply
Breached
Member
Posts: 55
Threads: 1
Joined: Nov 2023
Reputation: 0
#7
Feb 08, 2024, 07:43 AM
thanks for the share my guy Big Grin
Reply
Breached
Member
Posts: 101
Threads: 11
Joined: Jan 2024
Reputation: 0
#8
Feb 08, 2024, 11:26 AM
Holy shit thanks man
Reply
Breached
Member
Posts: 10
Threads: 0
Joined: Aug 2023
Reputation: 0
#9
Feb 08, 2024, 05:07 PM
Thank's for the exploit
Reply
Breached
Member
Posts: 9
Threads: 0
Joined: Nov 2023
Reputation: 0
#10
Feb 08, 2024, 05:40 PM
Thanks for sharing
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  {SECRET} DATABASE OF EXPLOITS lulagain 440 27,444 Yesterday, 09:44 PM
Last Post: caribou
  Dokan Pro Unauthenticated SQL Injection POC | CVSS 10 Loki 44 3,958 Yesterday, 04:45 PM
Last Post: Insulina
  Ban Any Discord Exploit phineasfisherman 7 522 May 06, 2026, 10:16 AM
Last Post: sniperx86
  New Zer0 Day Wordpress A3g00n 81 3,527 May 05, 2026, 03:06 AM
Last Post: DirtyEra
  Wordpress Elementor 3.11.6 Exploit - Full Takeover TheGoodlife 102 19,830 May 04, 2026, 06:45 AM
Last Post: eztocard

Forum Jump:


 Users browsing this forum: 1 Guest(s)