Monday, 6 July 2020

Account Takeover Poc


Hi, this is Mubassir Kamdar. How are you all? I hope you are doing great work and making good money. Today I will discuss my finding from last month, in which I was able to take over any account on a private program.




I started my hunt with subdomain enumeration, using tools like aquatone, Sublist3r and knockpy. After finding some subdomains of the target, I checked them for the vulnerability named Subdomain Takeover, but unluckily I didn't find any.

Then I came to the main target.com and tried to enumerate all of its functions by going to the target.com help center, help.target.com, and wrote down all the functions in my diary. After reading and understanding all the functionality of target.com, I simply created an account.

Then I checked all the functions for CSRF and IDOR vulnerabilities, but didn't get any success.

After some disappointment I simply logged out of my account on target.com.

After taking a break I opened my laptop again, but this time I had forgotten my account password. So I went to the reset password option, entered my email there and intercepted the request using a proxy tool.



I tried Host header injection and the X-Forwarded-Host: header in it, but unluckily I didn't receive a reset password token with my malicious host.

If you check the link I showed you above, you can see a suspicious-looking parameter named resetPasswordUrl=http://target.com. I simply changed resetPasswordUrl=http://target.com to resetPasswordUrl=http://www.mubassirkamdar.com/

and forwarded the request.

When I checked my email, I saw that the host in the reset link had been replaced with http://www.mubassirkamdar.com/, and the link with the token looked like http://www.mubassirkamdar.com/auth/password/new?token=xyzxyzxyzxyz
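To make the defect concrete, here is an added example (my code, not from the original post or the target's codebase): a password-reset link builder that, like the behaviour described above, takes the link's base from the client-supplied resetPasswordUrl parameter, beside a hardened version that never lets the request choose the host. The parameter name and the /auth/password/new path come from the post; the function names, the allowlisted hosts and the sample request are constructed for this example.

```python
import secrets
from urllib.parse import urlsplit, urlencode

RESET_PATH = "/auth/password/new"  # path seen in the emailed link in the post

# Server-side configuration (constructed): the only hosts that may ever
# receive a reset token, and the base used when the request is untrusted.
ALLOWED_RESET_HOSTS = {"target.com", "www.target.com"}
DEFAULT_RESET_BASE = "https://target.com"


def build_reset_link_vulnerable(form: dict, token: str) -> str:
    """Mirrors the behaviour described in the post: the client-supplied
    resetPasswordUrl becomes the base of the emailed link, so a tampered
    request delivers the victim's token to whatever host the sender named."""
    base = form.get("resetPasswordUrl", DEFAULT_RESET_BASE).rstrip("/")
    return f"{base}{RESET_PATH}?{urlencode({'token': token})}"


def build_reset_link_hardened(form: dict, token: str) -> str:
    """Treats resetPasswordUrl as a hint only. The host must be on the
    allowlist; the link is rebuilt from that hostname alone, which discards
    any userinfo, port or path the requester supplied, and forces https.
    Anything else falls back to the server's configured base."""
    base = DEFAULT_RESET_BASE
    requested = form.get("resetPasswordUrl")
    if requested:
        parts = urlsplit(requested)
        # parts.hostname is lower-cased and excludes "user@" prefixes, so
        # "http://evil.example@target.com/" resolves to target.com here.
        if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_RESET_HOSTS:
            base = f"https://{parts.hostname}"
    return f"{base}{RESET_PATH}?{urlencode({'token': token})}"


def reset_link_host(link: str) -> str:
    """Host that would receive the token if the user clicks the link."""
    return urlsplit(link).hostname or ""


def new_token() -> str:
    """Unguessable, single-use reset token (the link is only as safe as this)."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    # Constructed tampered request, shaped like the one in the post.
    tampered = {"email": "victim@example.com",
                "resetPasswordUrl": "http://www.mubassirkamdar.com/"}
    token = new_token()
    print("vulnerable:", reset_link_host(build_reset_link_vulnerable(tampered, token)))
    print("hardened:  ", reset_link_host(build_reset_link_hardened(tampered, token)))
```

In a real deployment the base URL should come from server configuration, not the request at all; the allowlist form is only for applications that legitimately serve several brands or regions from one reset endpoint.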

Reported the issue.

Reply: we are looking into it.

Bounty: still waiting for it; hope it will be a good $$$$

Mubassir Kamdar is an Ethical Hacker and Security Researcher from Karachi, Pakistan. With years of experience in cyber security, Mubassir Kamdar has identified major security flaws in the world's well-known companies, including Eset, Facebook, Uber, Sony and many others. A large number of Hall of Fame listings and certificates were awarded by these companies as a token of appreciation.
