WRITEUP #141

Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens

RCE, Bruteforce, Lack of rate limiting, Password reset, Account takeover
by @h0tak88r (Mosaad Sallam)
Program: -
Published: Jul 28, 2024
Added to HackDex: Jul 30, 2024
Read Full Writeup: https://sallam.gitbook.io/sec-88/bug-bounty/unlocking-the-weak-spot-exploiting-insecure-password-reset-tokens