WRITEUP #508

Chaining IDOR and Host Header can takeover 18 Billion of users account

Tags: IDOR, Host header injection, Password reset, Account takeover
by @nullr3x (Sahil Mehra)
Program: -
Published: Jan 26, 2024
Added to HackDex: Jan 29, 2024
Read Full Writeup: https://nullr3x.medium.com/chaining-idor-and-host-header-can-takeover-18-billion-of-users-account-3f0c3fdbc29b
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
Tags: API, GraphQL
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
Tags: RCE, Bruteforce
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
Zomatoooo! IDOR in Saved Payments
Tags: IDOR
