WRITEUP #1439

[Account Takeover] Don’t Send a Message to anyone Before Reading This [External Audit]

Auth BypassHTTP response manipulationAuthentication bypassAccount takeover

byVipul Sahu

Program

Published

Mar 7, 2023

Added to HackDex

Mar 8, 2023

Read Full Writeuphttps://infosecwriteups.com/dont-send-a-message-to-anyone-before-reading-this-account-takeover-vulnerability-external-audit-cf584a0c983c

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Auth BypassSSO

Account takeover on 8 years old public program

Auth BypassAccount takeover

Breaking the Barrier: Admin Panel Takeover Worth $3500

Auth BypassAuthentication bypass

Built with ❤️ by Shubham Rawat