
# 1 Click Account Take Over

* This is a write-up about a highly interesting bug bounty case from our team. It's a business logic issue that could lead to an Account Takeover with just one click. It's quite exciting to contribute to [HackTricks](https://book.hacktricks.xyz/pentesting-web/account-takeover) with this finding.

<figure><img src="/files/8HRD9MXyXrzo67eqgIxl" alt=""><figcaption></figcaption></figure>

### TIP:

* The attacker requests to change his email to a new one
* The attacker receives a link to confirm the email change
* The attacker sends the link to the victim so that he clicks it
* The victim's email is changed to the one indicated by the attacker
* The attacker can recover the password and take over the account
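
The flow above, as an added example that is not code from the original write-up or the affected application: it assumes the flaw is that the confirmation handler applies the pending email to whichever account's session opens the link, which the steps imply, and shows that handler beside a hardened one. The stores, account names, addresses and function names are constructed for illustration.

```python
import hashlib
import secrets
import time

# Constructed in-memory stores for the demonstration (hypothetical names).
ACCOUNTS = {"attacker": "attacker@old.example", "victim": "victim@corp.example"}
PENDING = {}     # sha256(token) -> pending change record
TOKEN_TTL = 900  # seconds a confirmation link stays valid (assumed value)


def request_email_change(account_id, new_email, now=None):
    """Issue a random token bound to the account that asked for the change."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()  # store only the hash
    PENDING[digest] = {"account": account_id, "email": new_email,
                       "expires": (now or time.time()) + TOKEN_TTL}
    return token


def confirm_vulnerable(session_account, token):
    """Flawed: applies the pending email to whoever is logged in when the link opens."""
    rec = PENDING.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if rec is None:
        return False
    ACCOUNTS[session_account] = rec["email"]  # ignores rec["account"]
    return True


def confirm_hardened(session_account, token, now=None):
    """Apply the change only to the requesting account, from its own session."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    rec = PENDING.get(digest)
    if rec is None or (now or time.time()) > rec["expires"]:
        PENDING.pop(digest, None)  # drop expired tokens
        return False
    # A link opened under a different account is rejected; the token stays
    # valid so the legitimate requester can still confirm.
    if rec["account"] != session_account:
        return False
    del PENDING[digest]  # single use
    ACCOUNTS[rec["account"]] = rec["email"]
    return True
```

Requiring re-authentication before the change and notifying the old address are complementary controls that this sketch does not cover.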

> **You can also read the full blog post here:**

{% embed url="<https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea>" %}

Thanks for reading, have a nice day :heartbeat:
