mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Added 2FA bypass via Force Browsing on Account Takeover branch
This commit is contained in:
parent
a766679356
commit
7e82d93897
@ -27,6 +27,7 @@
|
||||
* [Backup Code Abuse](#backup-code-abuse)
|
||||
* [Clickjacking on 2FA Disabling Page](#clickjacking-on-2fa-disabling-page)
|
||||
* [Enabling 2FA doesn't expire Previously active Sessions](#enabling-2fa-doesnt-expire-previously-active-sessions)
|
||||
* [Bypass 2FA by Force Browsing](#bypass-2fa-by-force-browsing)
|
||||
* [Bypass 2FA with null or 000000](#bypass-2fa-with-null-or-000000)
|
||||
* [Bypass 2FA with array](#bypass-2fa-with-array)
|
||||
* [References](#references)
|
||||
@ -228,6 +229,10 @@ Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
|
||||
|
||||
If the session is already hijacked and there is a session timeout vuln
|
||||
|
||||
### Bypass 2FA by Force Browsing
|
||||
|
||||
If the application redirects to `/my-account` url upon login while 2Fa is disabled, try replacing `/2fa/verify` with `/my-account` while 2FA is enabled to bypass verification.
|
||||
|
||||
### Bypass 2FA with null or 000000
|
||||
Enter the code **000000** or **null** to bypass 2FA protection.
|
||||
|
||||
@ -262,3 +267,4 @@ Enter the code **000000** or **null** to bypass 2FA protection.
|
||||
- [Broken Cryptography & Account Takeovers - Harsh Bothra - September 20, 2020](https://speakerdeck.com/harshbothra/broken-cryptography-and-account-takeovers?slide=28)
|
||||
- [Hacking Grindr Accounts with Copy and Paste - Troy HUNT & Wassime BOUIMADAGHENE - 03 OCTOBER 2020](https://www.troyhunt.com/hacking-grindr-accounts-with-copy-and-paste/)
|
||||
- [CTFd Account Takeover](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
|
||||
- [2FA simple bypass](https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass)
|
||||
|
Loading…
Reference in New Issue
Block a user