Handful of OAuth bugs combine for GitHub session theft
Chaining together five low-severity security bugs has allowed Russian security researcher Egor Homakov to steal user sessions and increase the scope of GitHub OAuth tokens, giving him the ability to access and delete private GitHub repositories and Gists.
Detailing the process of linking the five bugs together in a blog post, Homakov called his exploit the "perfect crime".