Back to directory
WRITEUP #6099

#BugBounty — "I don't need your current password to login into your account" - How could I completely takeover any user's account in an online classified ads company.

Auth BypassAuthentication bypass
by@logicbomb_1(Avinash Jain)
Program
-
Published
Feb 3, 2018
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://medium.com/bugbountywriteup/bugbounty-i-dont-need-your-current-password-to-login-into-your-account-how-could-i-e51a945b083d
RELATED WRITEUPS
Breaking the Barrier: Admin Panel Takeover Worth $3500
Auth BypassAuthentication bypass
SAML Authentication Bypass Leading to Admin Panel Access
Auth BypassSAML
Breaking Down Barriers: Exploiting Authenticated IPC Clients
Auth BypassIPC client
Vulnerabilities in Open Source C2 Frameworks
RCEOS command injection
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat