Back to directory
WRITEUP #5982

#BugBounty — "How I was able to hack any user account via password reset?"

IDORAccount takeoverPassword reset
by@BgxDoc(Bikash Gupta)
Program
-
Published
May 23, 2018
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://medium.com/@BgxDoc/bugbounty-how-i-was-able-to-hack-any-user-account-via-password-reset-9009d84d94ff
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
APIGraphQL
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
RCEBruteforce
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
Zomatoooo! IDOR in Saved Payments
IDOR

Built with ❤️ by Shubham Rawat