WRITEUP #3324

500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻

Auth Bypass, OTP bypass, Account takeover, Password reset
by @NaiduPonnana (Gowtham_Naidu)
Bounty: 500
Program: -
Published: Oct 13, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://gowtham-naidu.medium.com/500-bug-sensitive-data-exposure-to-broken-access-control-leads-how-i-able-to-take-over-any-33658f16e265
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass, 2FA / MFA bypass
Forced SSO Session Fixation
Auth Bypass, SSO
Account takeover on 8 years old public program
Auth Bypass, Account takeover
Breaking the Barrier: Admin Panel Takeover Worth $3500
Auth Bypass, Authentication bypass
