WRITEUP #2366

UN United Nations Host Header Injection leads to any Full Account Takeover (ATO)

Tags: Auth Bypass, Host header injection, Password reset, Account takeover
By: Ahmed Hassan
Program: United Nations
Published: Aug 13, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://medium.com/@Bishoo97x/un-united-nations-host-header-injection-leads-to-any-full-account-takeover-ato-795bc9ebc670
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Tags: Auth Bypass, 2FA / MFA bypass
Forced SSO Session Fixation
Tags: Auth Bypass, SSO
Account takeover on 8 years old public program
Tags: Auth Bypass, Account takeover
Breaking the Barrier: Admin Panel Takeover Worth $3500
Tags: Auth Bypass, Authentication bypass
