Back to directory

WRITEUP #4457

Account takeover in cups.mail.ru

Logic BugLogic flawPassword resetAccount takeover

by@kyawminthein99(kminthein / weev3)

Bounty

1,500

Program

Mail.ru

Published

Aug 3, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://medium.com/kminthein/account-takeover-in-cups-mail-ru-bdab1483f92c

▸ RELATED WRITEUPS

Logic Flaw: I Can Block You from Accessing Your Own Account

Logic BugLogic flaw

“Like” Bypass on Customer Reviews — €500 bounty

Logic BugLogic flaw

Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP

Auth BypassAccount takeover

Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat