1 Click Account Take Over
Note : TEAMWORK IS THE KEY
This is a write-up about a highly interesting bug bounty case from our team. It's a business logic issue that could lead to an Account Takeover with just one click. It's quite exciting to contribute to the Hacktrick with this finding.
1. The attacker requests to change his email to a new one.
2. The attacker receives a link to confirm the change of the email.
3. The attacker sends the victim the link so that he clicks it.
4. The victim's email is changed to the one indicated by the attacker.
5. The attacker can recover the password and take over the account.
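A server-side check that closes this flow, as an added example (not code from the original write-up or from the affected application). It assumes the flaw is that the confirmation link applies the change to whichever logged-in session opens it; `issue_token`, `confirm_email_change`, the `accounts` dict and the 15-minute lifetime are hypothetical names and values.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # signing key, generated here for the example
TOKEN_TTL = 900                   # assumed link lifetime in seconds

def _sign(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def issue_token(account_id, new_email, now=None):
    """Bind the confirmation link to the account that requested the change."""
    now = time.time() if now is None else now
    claims = {"acct": account_id, "email": new_email, "exp": int(now) + TOKEN_TTL}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return f"{body.decode()}.{_sign(body)}"

def confirm_email_change(token, session_account_id, accounts, now=None):
    """Apply the change only for the account the token was issued to.

    Returns (ok, reason). The account to modify is never taken from the
    session alone: the signed claim and the session must agree.
    """
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False, "bad-signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False, "malformed"
    if now > claims["exp"]:
        return False, "expired"
    if session_account_id is None:
        return False, "login-required"
    if claims["acct"] != session_account_id:
        # The link was opened by a different user than the requester:
        # refuse instead of changing the clicker's email.
        return False, "account-mismatch"
    accounts[session_account_id]["email"] = claims["email"]
    return True, "changed"

if __name__ == "__main__":
    # Constructed sample accounts and addresses.
    accounts = {"attacker": {"email": "a@old.example"},
                "victim": {"email": "v@corp.example"}}
    link_token = issue_token("attacker", "a@new.example")
    print(confirm_email_change(link_token, "victim", accounts))    # rejected
    print(confirm_email_change(link_token, "attacker", accounts))  # applied
```

An `account-mismatch` result is also worth logging as a detection signal, since a legitimate user rarely opens another account's confirmation link.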
You can also read the full blog in this:
Thanks for reading, have a nice day