➡ Use intruder to send many reset links/token to your email in a short amount of time and compare the links/tokens.
If only a few digits are different you can brute force them. After you can do the same with 2 different emails
If only a few digits are different you can brute force them. After you can do the same with 2 different emails
➡ HTTP Parameter Pollution
When requesting a password reset link:
email=victim@domain.com&youremail@domain.com
When resetting password:
token={token}&email=youremail@domain.com&email=victim@domain.com
When requesting a password reset link:
email=victim@domain.com&youremail@domain.com
When resetting password:
token={token}&email=youremail@domain.com&email=victim@domain.com
➡ If you find your password reflected in response/source code don't report it yet
Check if it is vulnerable to CORS or any IDOR to steal other user's passwords
Check if it is vulnerable to CORS or any IDOR to steal other user's passwords
➡ Check if any CSRF token is implemented while changing profile information, if not generate CSRF PoC while changing email
➡ Link your account to facebook/google and capture the request, if there is no CSRF here you can send the link to a victim to link your google to his account, then you log in using google
➡ (Once got that)
While linking account to facebook, POST request looked like : oauth={token}&userid=myuserid&email=myemail
Change userid with victim's userid and forward.
#BugBounty #BugBountyTip #BugBountyTips
While linking account to facebook, POST request looked like : oauth={token}&userid=myuserid&email=myemail
Change userid with victim's userid and forward.
#BugBounty #BugBountyTip #BugBountyTips
Thanks To Read This Amazing Thread 🧵On :
• Account Takeover Tips🔥
All Credit Goes to : @m0m0x01d
#bugbounty #Infosec
• Account Takeover Tips🔥
All Credit Goes to : @m0m0x01d
#bugbounty #Infosec
• • •
Missing some Tweet in this thread? You can try to
force a refresh
