WRITEUP #3101

Host Header Injection Lead To Account Takeovers

Auth Bypass, Host header injection, Password reset, Account takeover
by @ArmanSecurity (M7.Arman)
Program: -
Published: Jan 9, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://systemweakness.com/host-header-injection-lead-to-account-takeover-2f025a645d13
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass, 2FA / MFA bypass
Forced SSO Session Fixation
Auth Bypass, SSO
Account takeover on 8 years old public program
Auth Bypass, Account takeover
Breaking the Barrier: Admin Panel Takeover Worth $3500
Auth Bypass, Authentication bypass
