How I Earned $1800 for Finding a (Business Logic) Account Takeover Vulnerability

Vivek Kumar Yadav - 0xd3vil
3 min read · Mar 1, 2023

Greetings, readers! I am Vivek Kumar Yadav, a cyber-security researcher from India, and I am excited to share my recent discovery of an account takeover vulnerability that let me access a victim’s account without any credentials and without any interaction from the victim. In this write-up, I explain the details of the vulnerability and the steps I took to reproduce it.

I was invited by a Web3 company to test their online infrastructure for security vulnerabilities. During the sign-up process, I noticed that the application used Google OAuth, which prompted me to investigate further. On the consent screen the application requested permission to read the user’s Google contacts. Before granting that permission, I added the victim’s email address to my own Google contacts list.

Next, I signed up for the application using Google OAuth. After logging in to the dashboard, I noticed an option to invite friends to use the application. When I clicked the “Friends” menu option, a list of all my Google contacts appeared, including the victim’s email. I clicked the victim’s email to add it as a friend, but I intercepted the request and examined its response. To my surprise, the response to that friend-request action contained a link, which I copied and opened in a separate browser.

The link logged me straight into the victim’s account without any verification. In other words, the invite link behaved as a login credential for the invitee, and the application handed it to the inviter, who had never proved control of the victim’s email address. This gave me unrestricted access to the victim’s account, including the ability to view, modify, or delete sensitive information, set or change the password, and enable two-factor authentication.
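To make the failure concrete, here is an added example (not the company’s code, and not part of the original write-up) that models both halves of the flow described above. The endpoint names, the token format and the mail outbox are assumptions for illustration. The vulnerable invite handler mints a signed login token for the invitee and returns it to the inviter; the hardened handler delivers an invite-only token to the invitee’s address, keeps it out of the inviter’s response, and at acceptance time requires the invitee to prove control of that email (here, via an email the OAuth provider has already verified) before any session is created.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Server-side signing key for tokens (generated here for the demo).
SECRET = secrets.token_bytes(32)

# Simulated mail delivery: (recipient, link). Constructed for the demo.
OUTBOX = []


def _sign(payload: dict) -> str:
    """Serialize a payload and append an HMAC-SHA256 tag (hypothetical token format)."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode().rstrip("=")
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def _verify(token: str) -> Optional[dict]:
    """Return the payload if the tag is valid, else None."""
    try:
        body, mac = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    padded = body + "=" * (-len(body) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def _token_from(link: str) -> Optional[str]:
    return link.split("token=", 1)[1] if "token=" in link else None


# --- Vulnerable flow: the invite link is a bearer login for the invitee ---------------

def vulnerable_invite(inviter: str, friend_email: str) -> dict:
    # BUG: the token names the *invitee* as the subject, is valid for login,
    # and is returned to the inviter, who never proved control of friend_email.
    token = _sign({"sub": friend_email, "purpose": "login", "exp": time.time() + 3600})
    return {"status": "invited", "invite_link": f"https://app.example/login?token={token}"}


def vulnerable_open_link(link: str) -> Optional[str]:
    """Whoever opens the link gets a session for the email named in the token."""
    token = _token_from(link)
    claims = _verify(token) if token else None
    if claims is None or claims.get("purpose") != "login" or claims["exp"] < time.time():
        return None
    return claims["sub"]  # session subject: the victim, with no proof of control


# --- Hardened flow: invite-only token, delivered to the invitee, bound to a verified email

def hardened_invite(inviter: str, friend_email: str) -> dict:
    token = _sign({
        "invitee": friend_email,
        "inviter": inviter,
        "purpose": "invite",          # cannot be presented to the login endpoint
        "nonce": secrets.token_hex(8),
        "exp": time.time() + 7 * 24 * 3600,
    })
    OUTBOX.append((friend_email, f"https://app.example/invite?token={token}"))
    return {"status": "invited"}  # the inviter sees no link and no token


def hardened_accept(link: str, oauth_verified_email: str) -> Optional[str]:
    """Accept an invite only if the accepting user already authenticated as the invitee."""
    token = _token_from(link)
    claims = _verify(token) if token else None
    if claims is None or claims.get("purpose") != "invite" or claims["exp"] < time.time():
        return None
    if not hmac.compare_digest(claims["invitee"].lower(), oauth_verified_email.lower()):
        return None  # invite belongs to someone else; no session, no link-up
    return claims["invitee"]


if __name__ == "__main__":
    stolen = vulnerable_invite("attacker@example.com", "victim@example.com")["invite_link"]
    print("vulnerable: opening the invite link yields a session for", vulnerable_open_link(stolen))
    hardened_invite("attacker@example.com", "victim@example.com")
    _, link = OUTBOX[-1]
    print("hardened: attacker accepting victim's invite ->", hardened_accept(link, "attacker@example.com"))
    print("hardened: victim accepting own invite       ->", hardened_accept(link, "victim@example.com"))
```

The two checks worth copying into a test plan follow directly from the example: the inviter’s response must contain no link or token that can be redeemed, and redeeming an invite must never create a session by itself; it may only attach an invitation to an identity the user has already proved (OAuth sign-in, or a verification email sent to the invited address).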

I responsibly disclosed the vulnerability to the company’s cyber-security team, and they awarded me a bounty of $1800.

This experience highlights the importance of fixing such vulnerabilities promptly, before attackers find them. It also shows why invite and magic-link flows need care: a link that signs the recipient in must only reach an address the recipient controls, and must never be returned to a third party in an API response. Companies must prioritize user account security by testing these flows thoroughly during development to provide a safer and more secure online environment.

Thank you for taking the time to read my write-up, and I look forward to sharing more of my experiences with you in the future. Feel free to connect with me on LinkedIn and Twitter.

Cheers! — 0xd3vil
