X (Formerly Twitter): Account Takeover in Periscope TV
Summary: When you login periscope.tv using twitter, and change the host header from www.periscope.tv to attacker.com/www.periscope.tv, the oauth redirect destination will be attacker.com/www.periscope.tv, thus allowing attacker to send the oauth authorize link to victim, and takeover their accoun...