Added 2FA bypass via Force Browsing on Account Takeover branch

This commit is contained in:
Nayeem Islam 2022-10-05 17:42:01 +06:00
parent a766679356
commit 7e82d93897

View File

@ -27,6 +27,7 @@
* [Backup Code Abuse](#backup-code-abuse) * [Backup Code Abuse](#backup-code-abuse)
* [Clickjacking on 2FA Disabling Page](#clickjacking-on-2fa-disabling-page) * [Clickjacking on 2FA Disabling Page](#clickjacking-on-2fa-disabling-page)
* [Enabling 2FA doesn't expire Previously active Sessions](#enabling-2fa-doesnt-expire-previously-active-sessions) * [Enabling 2FA doesn't expire Previously active Sessions](#enabling-2fa-doesnt-expire-previously-active-sessions)
* [Bypass 2FA by Force Browsing](#bypass-2fa-by-force-browsing)
* [Bypass 2FA with null or 000000](#bypass-2fa-with-null-or-000000) * [Bypass 2FA with null or 000000](#bypass-2fa-with-null-or-000000)
* [Bypass 2FA with array](#bypass-2fa-with-array) * [Bypass 2FA with array](#bypass-2fa-with-array)
* [References](#references) * [References](#references)
@ -228,6 +229,10 @@ Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
If the session is already hijacked and there is a session timeout vuln If the session is already hijacked and there is a session timeout vuln
### Bypass 2FA by Force Browsing
If the application redirects to `/my-account` url upon login while 2Fa is disabled, try replacing `/2fa/verify` with `/my-account` while 2FA is enabled to bypass verification.
### Bypass 2FA with null or 000000 ### Bypass 2FA with null or 000000
Enter the code **000000** or **null** to bypass 2FA protection. Enter the code **000000** or **null** to bypass 2FA protection.
@ -262,3 +267,4 @@ Enter the code **000000** or **null** to bypass 2FA protection.
- [Broken Cryptography & Account Takeovers - Harsh Bothra - September 20, 2020](https://speakerdeck.com/harshbothra/broken-cryptography-and-account-takeovers?slide=28) - [Broken Cryptography & Account Takeovers - Harsh Bothra - September 20, 2020](https://speakerdeck.com/harshbothra/broken-cryptography-and-account-takeovers?slide=28)
- [Hacking Grindr Accounts with Copy and Paste - Troy HUNT & Wassime BOUIMADAGHENE - 03 OCTOBER 2020](https://www.troyhunt.com/hacking-grindr-accounts-with-copy-and-paste/) - [Hacking Grindr Accounts with Copy and Paste - Troy HUNT & Wassime BOUIMADAGHENE - 03 OCTOBER 2020](https://www.troyhunt.com/hacking-grindr-accounts-with-copy-and-paste/)
- [CTFd Account Takeover](https://nvd.nist.gov/vuln/detail/CVE-2020-7245) - [CTFd Account Takeover](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
- [2FA simple bypass](https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass)