Account Takeover Via Password Reset

Before I explain how I found this bug, I will talk about account takeover methodologies.

Account Takeover Methodologies:-

  • CSRF
  • No rate limit on login with weak password policy
  • Token leaks via Referrer
  • Sensitive data exposure
  • Password reset poisoning
  • Auth Bypass
  • Steal cookies with XSS

Now let me tell you about the steps for finding this bug.

Steps:-

1- I create two accounts (the first as a hacker account, the second email as a victim account)

2- I go to reset password and enter my email

3- I go to my email (hacker email), then open the link

4- I find a page asking for email, password and repeat password

5- I fill in the blanks and intercept the request using Burp Suite

6- I put in the victim's email, then forward the request

7- I go to the login page and enter the victim account and the password I entered

Wooow, I am logged in to the victim's account.
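The server-side check that stops the steps above, shown next to the flawed form, as an added example that is not code from the original post or from the affected site. It assumes the reset handler trusted the email field of the submitted form instead of the account the token was issued for; the stores, addresses and function names are constructed for illustration.

```python
import hashlib
import secrets
import time

# Constructed in-memory stores standing in for a database (assumption).
# Plaintext values keep the demo short; real code stores a password hash.
USERS = {"hacker@example.com": "pw-a", "victim@example.com": "pw-b"}
RESET_TOKENS = {}  # sha256(token) -> (owner email, expiry timestamp)
TOKEN_TTL = 15 * 60  # seconds


def issue_reset_token(email):
    """Create a random token bound server-side to the requesting account."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (email, time.time() + TOKEN_TTL)
    return token


def _token_owner(token):
    """Return (owner, digest) for a live token, or (None, digest)."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    owner, expiry = RESET_TOKENS.get(digest, (None, 0))
    if owner is None or expiry < time.time():
        return None, digest
    return owner, digest


def reset_vulnerable(token, form_email, new_password):
    """Flawed: validates the token, then trusts the email sent by the client."""
    owner, _ = _token_owner(token)
    if owner is None:
        return False
    USERS[form_email] = new_password  # account chosen by request input
    return True


def reset_hardened(token, form_email, new_password):
    """The account comes from the token record; a mismatched email is refused."""
    owner, digest = _token_owner(token)
    if owner is None:
        return False
    if form_email is not None and form_email.lower() != owner.lower():
        return False  # tampered email field: reject (and worth alerting on)
    USERS[owner] = new_password
    del RESET_TOKENS[digest]  # single use
    return True
```

A reset request whose email field differs from the token's owner is also a useful detection signal to log.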
