WRITEUP #4598

Business logic flaw in the invitation system allows to Takeover any account at a private company

Auth BypassAccount takeoverIDOR

Program

Published

Jun 15, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://medium.com/bugbountywriteup/business-logic-flaw-in-invitation-system-allows-to-takeover-any-account-at-private-company-daaf898966b0

▸ RELATED WRITEUPS

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center

Auth Bypass2FA / MFA bypass

Forced SSO Session Fixation

Auth BypassSSO

Account takeover on 8 years old public program

Auth BypassAccount takeover

The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover

APIGraphQL

Built with ❤️ by Shubham Rawat