[POC] Google OAuth "MultiLogin" endpoint 0-day
by Farfallaiero - Friday December 29, 2023 at 05:40 PM
I Am Become Death; Destoyer of Worlds
user_55411
Posts: 34
Threads: 10
Joined: Oct 2023
Reputation: 250

#1
12-29-2023, 05:40 PM
Informational POC


Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
Rhadamanthys, Risepro, Meduza and Stealc Stealer adopted this technique. On December 26, White Snake also implemented the exploit.

Hidden Content
You must register or login to view this content.
0D|nS3c
Reply
Breached
Member
Posts: 7
Threads: 0
Joined: Dec 2023
Reputation: 0

#2
12-29-2023, 05:45 PM
Amazing discovery, thanks for sharing this!
Reply
Elite User

Posts: 110
Threads: 12
Joined: Aug 2023
Reputation: 0

#3
01-01-2024, 01:21 PM
(12-29-2023, 05:40 PM)Farfalla Wrote: Informational POC


Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
Rhadamanthys, Risepro, Meduza and Stealc Stealer adopted this technique. On December 26, White Snake also implemented the exploit.

really nice..
Reply
MVP User
MVP
Posts: 300
Threads: 40
Joined: Jun 2023
Reputation: 603

#4
01-05-2024, 11:22 AM
(12-29-2023, 05:40 PM)Farfalla Wrote: Informational POC


Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
Rhadamanthys, Risepro, Meduza and Stealc Stealer adopted this technique. On December 26, White Snake also implemented the exploit.

Why do we need to pay credits if it's available for free ?
Website
Reply
Breached
Member
Posts: 1
Threads: 0
Joined: Jan 2024
Reputation: 0

#5
02-08-2024, 06:22 AM
Im gonna test this rn. I have read about this and needed to see how it works.
Reply
Breached
Member
Posts: 16
Threads: 0
Joined: Feb 2024
Reputation: 0

#6
02-08-2024, 07:19 AM
lests test and see this
Reply
Breached
Member
Posts: 46
Threads: 1
Joined: Nov 2023
Reputation: 0

#7
02-08-2024, 07:43 AM
thanks for the share my guy Big Grin
Reply
Breached
Member
Posts: 83
Threads: 11
Joined: Jan 2024
Reputation: 0

#8
02-08-2024, 11:26 AM
Holy shit thanks man
Reply
Breached
Member
Posts: 9
Threads: 0
Joined: Aug 2023
Reputation: 0

#9
02-08-2024, 05:07 PM
Thank's for the exploit
Reply
Breached
Member
Posts: 7
Threads: 0
Joined: Nov 2023
Reputation: 0

#10
02-08-2024, 05:40 PM
Thanks for sharing
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Google Dorks for finding SQL injection vulnerabilities and other security issues 1yush 64 2,429 03-28-2026, 05:09 PM
Last Post: Wayama
  new wordpress website takeover vuln (video + poc ) zinzeur 313 27,277 03-28-2026, 02:43 AM
Last Post: toshi99
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,092 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 73 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 805 02-07-2026, 08:53 AM
Last Post: hacker0123



 Users browsing this thread: