ATO - Fix typo

Swissky 2020-09-27 20:05:56 +02:00
parent 6c1a6c41aa
commit ef90ce9bce


@ -3,7 +3,7 @@
## Summary ## Summary
* [Password Reset Feature](#password-reset-feature) * [Password Reset Feature](#password-reset-feature)
* [Password Reset Token Leak Via Referrer](#password-reset-token-leak-via-referer) * [Password Reset Token Leak Via Referrer](#password-reset-token-leak-via-referrer)
* [Account Takeover Through Password Reset Poisoning](#account-takeover-through-password-reset-poisoning) * [Account Takeover Through Password Reset Poisoning](#account-takeover-through-password-reset-poisoning)
* [Password Reset Via Email Parameter](#password-reset-via-email-parameter) * [Password Reset Via Email Parameter](#password-reset-via-email-parameter)
* [IDOR on API Parameters](#idor-on-api-parameters) * [IDOR on API Parameters](#idor-on-api-parameters)
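Review bot: the corrected anchor `#password-reset-token-leak-via-referrer` on the Referrer entry only resolves if the target heading is spelled "Referrer" ("Password Reset Token Leak Via Referrer"); that heading is outside this hunk, so confirm it matches before merging, otherwise the Summary link stays broken.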
@ -61,7 +61,7 @@ email=victim@mail.com|hacker@mail.com
1. Attacker have to login with their account and go to the **Change password** feature. 1. Attacker have to login with their account and go to the **Change password** feature.
2. Start the Burp Suite and Intercept the request 2. Start the Burp Suite and Intercept the request
3. Send it to the repeater tab and edit the parameters 3. Send it to the repeater tab and edit the parameters : User ID/email
```powershell ```powershell
POST /api/changepass POST /api/changepass
[...] [...]
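Review bot: the request block following step 3 is fenced as `powershell` although its content is a raw HTTP request (`POST /api/changepass`); tag it `http` so the highlighting matches the content. Step 1 also reads "Attacker have to login", which should be "The attacker has to log in".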
@ -118,7 +118,7 @@ Refer to **HTTP Request Smuggling** vulnerability page.
X: X X: X
``` ```
### Account Takeover via CSRF ## Account Takeover via CSRF
1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change" 1. Create a payload for the CSRF, e.g: "HTML form with auto submit for a password change"
2. Send the payload 2. Send the payload
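Review bot: promoting "Account Takeover via CSRF" from `###` to `##` makes it a top-level section, so it should also get an entry in the Summary list at the top of the file if it is not already listed; the Summary entries visible in this diff do not include it.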
@ -128,6 +128,13 @@ Hackerone reports exploiting this bug
* https://hackerone.com/reports/771666 * https://hackerone.com/reports/771666
## Account Takeover via JWT
JSON Web Token might be used to authenticate an user.
* Edit the JWT with another User ID / Email
* Check for weak JWT signature
## TODO ## TODO
* Broken cryptography * Broken cryptography
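Review bot: the new `## Account Takeover via JWT` section has no matching entry in the Summary list, unlike the other top-level sections; add `* [Account Takeover via JWT](#account-takeover-via-jwt)` there. In the body, "authenticate an user" should read "authenticate a user", and the bullet "Check for weak JWT signature" would be clearer if it said what the check is for (whether the server actually verifies the signature, and with what strength), so the reader knows what a finding looks like.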