Back to directory

WRITEUP #4310

ATO via Host Header Poisoning

Auth BypassHost header injectionAccount takeoverPassword reset

by@sechunt3r(Shivam Kamboj Dattana)

Bounty

2,000

Program

-

Published

Oct 8, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://medium.com/@sechunter/ato-via-host-header-poisoning-dc5c29d2fd0d

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Account takeover on 8 years old public program

Auth BypassAccount takeover

Breaking the Barrier: Admin Panel Takeover Worth $3500

Auth BypassAuthentication bypass

Built with ❤️ by Shubham Rawat