Mohammad Reza Mirzadzare

@mirzadzare

Website

Bug Bounty Hunter

Joined November 2025

About

Nothing here yet.

Available for

Nothing here yet.

Mohammad Reza Mirzadzare's blogs

Blog | Mirzadzare (Spix0r)blog.mirzadzare.net2 posts

Articles Threads Comments

Recently published

MRMohammad Reza Mirzadzareblog.mirzadzare.net

0

IP Spoofing to Account Takeover: You Patched It? Really?

Feb 20 · 7 min read · Abstract In my previous article, I described how I found a security flaw in a popular desktop app's OAuth flow that allowed me to steal any user's account with just one click. I reported it, saw it pa

Join discussion

MRMohammad Reza Mirzadzareblog.mirzadzare.net

2

From "Log in with OAuth" to "Your Account Is Mine" – Desktop App Edition

Dec 1, 2025 · 9 min read · Abstract Just one click on a malicious link → account takeover. No phishing, no malware. I discovered a security flaw in a popular desktop app’s OAuth flow that let me steal any user’s account just

VMV4L4 and 1 more commented

Mohammad Reza Mirzadzare

About

Available for

Mohammad Reza Mirzadzare's blogs

Recently published

IP Spoofing to Account Takeover: You Patched It? Really?

From "Log in with OAuth" to "Your Account Is Mine" – Desktop App Edition

Search Hashnode

Mohammad Reza Mirzadzare

About

Available for

Mohammad Reza Mirzadzare's blogs

Recently published

IP Spoofing to Account Takeover: You Patched It? Really?

From "Log in with OAuth" to "Your Account Is Mine" – Desktop App Edition