Mohammad Reza Mirzadzare

@mirzadzare

Website

Bug Bounty Hunter

Joined November 2025

About

Nothing here yet.

Available for

Nothing here yet.

Mohammad Reza Mirzadzare's blogs

Blog | Mirzadzare (Spix0r)blog.mirzadzare.net2 posts

Articles Comments

Recently published

MRMohammad Reza Mirzadzareblog.mirzadzare.netFeb 20 · 7 min read

IP Spoofing to Account Takeover: You Patched It? Really?

Abstract In my previous article, I described how I found a security flaw in a popular desktop app's OAuth flow that allowed me to steal any user's account with just one click. I reported it, saw it pa

0

MRMohammad Reza Mirzadzareblog.mirzadzare.netDec 1, 2025 · 9 min read

From "Log in with OAuth" to "Your Account Is Mine" – Desktop App Edition

Abstract Just one click on a malicious link → account takeover. No phishing, no malware. I discovered a security flaw in a popular desktop app’s OAuth flow that let me steal any user’s account just

2

VM

Mohammad Reza Mirzadzare

About

Available for

Mohammad Reza Mirzadzare's blogs

Recently published

IP Spoofing to Account Takeover: You Patched It? Really?

From "Log in with OAuth" to "Your Account Is Mine" – Desktop App Edition

Search Hashnode

Mohammad Reza Mirzadzare

About

Available for

Mohammad Reza Mirzadzare's blogs

Recently published

IP Spoofing to Account Takeover: You Patched It? Really?

From "Log in with OAuth" to "Your Account Is Mine" – Desktop App Edition