Back to directory
WRITEUP #3971

Hijacking Reset Password Link in https://www.niteflirt.com/ via Host Header Poising (Write Up)

Auth BypassHost header injectionAccount takeoverPassword reset
by@evanricafort(Evan Ricafort)
Bounty
50
Program
Niteflirt
Published
Feb 25, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://blog.evanricafort.com/2021/02/hijacking-reset-password-link-in.html
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass
Forced SSO Session Fixation
Auth BypassSSO
Account takeover on 8 years old public program
Auth BypassAccount takeover
Breaking the Barrier: Admin Panel Takeover Worth $3500
Auth BypassAuthentication bypass

Built with ❤️ by Shubham Rawat