WRITEUP #3827

Misconfiguration in Change-password Functionality Leads to Account Takeover

Tags: IDOR, Logic flaw, Password reset, Account takeover
by @0x___2m (Mahmoud Radwan)
Program: -
Published: Apr 18, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://0x2m.medium.com/misconfiguration-in-change-password-functionality-leads-to-account-takeover-1314b5507abf
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
Tags: API, GraphQL
Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP
Tags: Auth Bypass, Account takeover
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
Tags: RCE, Bruteforce
Logic Flaw: I Can Block You from Accessing Your Own Account
Tags: Logic Bug, Logic flaw
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
