
ajaysinghnegi

  1. Account Takeover Using Password Reset Vulnerability

    [LEFT][B]Account Takeover Using Password Reset Functionality[/B][/LEFT]
    While researching and working on bug bounties I have found that, by using the password reset functionality (the reset token and link), we can take over every user account on a website if that site is vulnerable to this type of attack.

    Using this vulnerability, the attacker can replace the MD5 hash of their own email address in the reset link with the MD5 hash of any victim's email address and change that victim's password, and in this way can also reset all passwords ...