1 Click Account Take Over

Note: TEAMWORK IS THE KEY

  • This is a write-up about a highly interesting bug bounty case from our team. It's a business logic issue that could lead to an Account Takeover with just one click. It's quite exciting to contribute to HackTricks with this finding.

TIP:

  • The attacker requests to change his email to a new one

  • The attacker receives a link to confirm the email change

  • The attacker sends the victim the link so that the victim clicks it

  • The victim's email is changed to the one indicated by the attacker

  • The attacker can recover the password and take over the account
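The flow above, as an added example that is not from the original write-up: a minimal email-change confirmation handler in the vulnerable form (it applies the change to whoever is logged in when the link is clicked) next to a hardened form that applies the change only to the account that requested it and expires the token. The function names, the in-memory `users`/`pending` store and the TTL are assumptions.

```python
"""Email-change confirmation: vulnerable vs. hardened (constructed example)."""
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a confirmation link stays valid (assumed value)

# Constructed in-memory state standing in for the application's database.
users = {"attacker": "attacker@example.com", "victim": "victim@example.com"}
pending = {}  # token -> {"uid": requester, "new_email": ..., "exp": ...}


def request_email_change(session_uid, new_email):
    """Steps 1-2: the logged-in user asks for a new email and gets a link."""
    token = secrets.token_urlsafe(32)
    pending[token] = {"uid": session_uid, "new_email": new_email,
                      "exp": time.time() + TOKEN_TTL}
    return token  # would be mailed to the new address as a confirmation link


def confirm_vulnerable(session_uid, token):
    """Steps 3-4 as described in the write-up: the change is applied to
    whoever is logged in when the link is clicked. The token is not bound to
    the account that requested it, so a victim who clicks the attacker's
    link ends up with the attacker-controlled email on their own account."""
    rec = pending.pop(token, None)
    if rec is None:
        return False
    users[session_uid] = rec["new_email"]
    return True


def confirm_fixed(session_uid, token):
    """Hardened: the token is single-use and time-limited, and the change is
    applied only to the requesting account, only when that account is the
    one clicking. A mismatch consumes the token so it cannot be retried."""
    rec = pending.pop(token, None)
    if rec is None or time.time() > rec["exp"]:
        return False
    if rec["uid"] != session_uid:
        return False  # a real service would also log this for detection
    users[rec["uid"]] = rec["new_email"]
    return True
```

The fixed handler also refuses a replayed token, which the test below checks by confirming the same link twice.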

You can also read the full blog post here:

Thanks for reading, have a nice day 💓
