WRITEUP #5295

Password Reset Vulnerability — Full Account takeover (Insecure Direct Object Reference)

IDOR, Password reset, Account takeover
by @protector47 (Muhammad Asim Shahzad)
Bounty: 1,200
Program: -
Published: Jun 22, 2019
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://web.archive.org/web/20201001064738/https://medium.com/@protector47/password-reset-vulnerability-full-account-takeover-insecure-direct-object-reference-c4a9a3ea8268
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
API, GraphQL
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
RCE, Bruteforce
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
XSS, Self-XSS
Zomatoooo! IDOR in Saved Payments
IDOR
