WRITEUP #5229

Full Account Takeover via Changing Email And Password of any User through API Parameters

IDOR, Password reset, Account takeover
by @AdeshKolte (Adesh Nandkishor kolte)
Program: -
Published: Jul 26, 2019
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://web.archive.org/web/20201008153910/https://medium.com/@adeshkolte/full-account-takeover-changing-email-and-password-of-any-user-through-api-parameters-3d527ab27240