WRITEUP #5990

How i HACKED admin account via password reset IDOR function of one private currency exchanger site

Tags: IDOR, Account takeover, Password reset
by @aayushpok (Aayush Pokhrel)
Program: -
Published: May 19, 2018
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://medium.com/@aayushpokhrel/how-i-hacked-admin-account-via-password-reset-idor-of-one-private-currency-exchanger-site-51723c7c8704
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
API, GraphQL
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
RCE, Bruteforce
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
XSS, Self-XSS
Zomatoooo! IDOR in Saved Payments
IDOR

Built with ❤️ by Shubham Rawat