Hello hunters, hope you are doing good.
I want to share something about my finding, which went DUPLICATE.
Let's dive into the topic.
Assume the program name is Redacted.com.
Attack Vector:
1. The application contains forgot password functionality. Enter the victim's email ID, capture the request and response.
2. In the response I observed a token transmission. After checking the inbox, I got clarity that the token belongs to Reset password.
3. Crafted the reset-password link by using the “Token” value from the response:
4. BOOM! Successfully changed the victim's password and accessed the account.
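
The root cause in the steps above is that the reset token is returned to whoever submits the request instead of travelling only to the account's mailbox. The following is an added example, not code from the original post or from the affected program: it puts a handler with that flaw beside a corrected one and adds a regression check that a test suite can run. Every name in it (the handlers, the in-memory store, the outbox, the sample address) is an assumption made for illustration.

```python
import hashlib
import hmac
import json
import secrets

RESET_STORE = {}                # email -> SHA-256 of the token (constructed in-memory store)
OUTBOX = []                     # (email, token) pairs handed to the mailer (constructed stand-in)
USERS = {"victim@example.com"}  # constructed sample account


def _issue_token(email):
    """Create a one-time token, keep only its hash server-side, mail the raw value."""
    token = secrets.token_urlsafe(32)
    RESET_STORE[email] = hashlib.sha256(token.encode()).hexdigest()
    OUTBOX.append((email, token))
    return token


def forgot_password_vulnerable(email):
    """The flaw from the write-up: the reset token is echoed in the HTTP response."""
    if email not in USERS:
        return json.dumps({"status": "error"})
    return json.dumps({"status": "ok", "token": _issue_token(email)})


def forgot_password_fixed(email):
    """The token leaves the server only by email; the body is the same for any input."""
    if email in USERS:
        _issue_token(email)
    return json.dumps({"status": "ok",
                       "message": "If the account exists, a reset email was sent."})


def redeem(email, token):
    """Constant-time comparison against the stored hash; a token works once."""
    expected = RESET_STORE.get(email)
    presented = hashlib.sha256(token.encode()).hexdigest()
    if expected is None or not hmac.compare_digest(expected, presented):
        return False
    del RESET_STORE[email]
    return True


def response_leaks_token(handler, email):
    """Regression check: does the response body contain the token that was mailed?"""
    OUTBOX.clear()
    body = handler(email)
    return any(token in body for _, token in OUTBOX)
```
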
This is my first blog. Thanks for reading :)
GOOD LUCK! Happy Hunting.