$360 bug bounty | account takeover through reset password | hackerone bug bounty poc | most easy one
- Published: Aug 9, 2021
- #education #easymoney #learnEthicalHacking #bugbounty #hacker #bugbountypoc
For educational purposes only,
you can learn the numerous ways to do security testing for a website or mobile apps.
like and subscribe to get notified with the latest exploits.
this should be way more than $360, insane vulnerability.
this looks so simple like just add another email address to it but you don't come up with it that fast
They aren't priced in on how hard they are to hack, it's how dangerous the exploit could be @krankenwagen7198
I agree, it will lead to escalating privileges if an admin account password change was made. It may even bypass MFA depending on how the reset processes the info. For example, if it checks only the first or second email for verification, you could then swap the emails' places with one that doesn't have MFA active.
Crazy! At Puter we would consider this a High severity vulnerability - no question; imagine if you chained it with email enumeration! 😨
This one is good. You should have programming knowledge as well to identify such vulnerabilities. Here the request's params are sent as an Object, so he decided to make a list datatype of emails where he can insert the attacker's email and try to grab the reset pass link. Nice work ❤
It's an array
There is no need for programming knowledge to identify it..
This youtube's recommendation is great ! Subbed
$360 for an account takeover seems pretty low. I mean yeah, you need the person's mail address but this gives you access to their personal data they shared on the site.
This site generally doesn't pay bounty, but for this bug they paid out, that's why it is low.
It’s a nonprofit website, I doubt there will be valuable information on there.
Wow, nice share bro
hmmm param pollution it's awesome bro
glad i got recommended this, good find.
Think out of the box! Great one!
Great one ❤️
beautiful takeover
Just tried to do the same on our application but seems like we just send a GET request for password resets 😜
we need more "hackers" like you ❤❤
Beyond of my thinking
Good
What an insane vulnerability
Wowwwwww, Amazing man
Can we do the same process to hack social media accounts like Instagram
Can you make a tutorial please
360 is NOT enough!!
Genius buddy ✌🙂
how much do you earn per month through bug bounty?
wow that's amazing ❤
This happened to be on roblox just in 2020! I bet if you were the one to solve this you would have retired right then and there, lol.
Great bro
Are you manipulating packets? Why not just use the endpoint?
Will u share the proper impact for this vulnerability in details 💐💐💐
Attacker can change anybody's password, by receiving the password reset link for other user to his email.
@HACKERFUDDI what was the tool u used
@opensearch- Burp Suite
absolutely nothing, he didn't show the victim email for a reason the reset links would have been different. the "attacker" email would have been resetting his own password
@yobson he literally showed both the links at the end and they were the same
I don't understand... why would the backend accept an array as input for an email address? Sure this isn't a backdoor and not a bug?
The request's param are sent as an Object, so he could modify to make it a list (array) of emails, which UPChieve is going to send the email to.
@rexurectionn But why would the backend not check whether it was passed an array or a single string? This is honestly such an unrealistic attack vector.
@d1rex And besides that, BE literally has to loop over the array to send the email to multiple addresses or simply access array[array.length - 1] or array[0], I just don't see how this would be a real life situation except if it was done with the intention of a backdoor OR it could be because they parse the emails with a HOC which is used for a second email recovery system? But that would be just plain out idiotic.
@MuffinologyTrainer probably the BE is using an external library for sending emails, with a function that accepts a string or an array of strings as a parameter.
Nice discussion guys.
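The thread above asks why a backend would accept an array for the email field, and one reply suggests a mail function that takes a string or an array of strings. As an added example (not from the video and not UPchieve's code), the code below contrasts a reset handler that skips the type check with one that requires a single string and mails only the address stored on the account. sendMail, the user store, the 422 status, the link format and all addresses are constructed assumptions.

```javascript
// Added example, not UPchieve's code; every name, address and status is constructed.
// sendMail stands in for a mail library whose `to` accepts a string or an array.
function sendMail(outbox, to, link) {
  for (const rcpt of Array.isArray(to) ? to : [to]) outbox.push({ rcpt, link });
}

const users = new Map([['victim@example.com', { email: 'victim@example.com' }]]);
const linkFor = (user) => `https://app.example/reset?token=constructed-for-${user.email}`;

// Weak: never checks the type of `email`. Assumption: the account lookup uses
// the first element, while the raw request value goes straight to the mailer.
function resetWeak(body, outbox) {
  const first = Array.isArray(body.email) ? body.email[0] : body.email;
  const user = users.get(first);
  if (user) sendMail(outbox, body.email, linkFor(user));
  return { status: 200 };
}

// Hardened: accept exactly one string, then mail only the address stored on
// the account record, never the value taken from the request.
function resetHardened(body, outbox) {
  const email = body && body.email;
  if (typeof email !== 'string') {
    return { status: 422, error: '"email" must be a string' };
  }
  const user = users.get(email.trim().toLowerCase());
  if (user) sendMail(outbox, user.email, linkFor(user));
  // Same response whether or not the account exists (no enumeration signal).
  return { status: 200 };
}

// Runs both handlers on a constructed array-valued body and one normal body.
function demo() {
  const body = { email: ['victim@example.com', 'other@example.net'] };
  const weakOut = [], hardOut = [], okOut = [];
  resetWeak(body, weakOut);
  const rejected = resetHardened(body, hardOut);
  resetHardened({ email: 'Victim@Example.com ' }, okOut);
  return { weakOut, hardOut, okOut, rejected };
}

console.log(JSON.stringify(demo(), null, 2));
```

Sending to the stored address also covers a comma-separated string, which some mail libraries would otherwise split into several recipients.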
But, whose account reset link will be sent? I mean, will the link reset victim's password or attacker's password?
The first email in the request.
It gives: the given data is invalid :(
Any solutions?
Nice!
Nice bro
nice bro
I am not an expert, but this is the reason why CSRF tokens exist, right?
Nope, this has nothing to do with csrf token.
How do you notice something like this? Are you testing for it every time you see a password reset?
yes must
What type of vulnerability is it?
request manipulation.
@HACKERFUDDI thank you!
request manipulation
smart!
How did you discover this, was it open sourced?
I didn't understand, what do you mean by open sourced?
@HACKERFUDDI was the codebase for this application openly available? If not, then how did you manage to discover it??
He means if it was black, grey or white box testing you did
360$ ? from google? bruh... you have been hijacked on your wallet
Easiest 360usd ever i guess!
Not easy to find nowadays
How do u begin looking for these vulnerabilities
The mentality should be covering 100% of the domain. Rest depends on the person.
very good!
But Nice
Which tool did you use
Burp Suite
wanna collab?
wow
cool
good)
this video is bizarre, only $360 for such a huge vulnerability and random one or two word comments "good" "nice" "great one" from 30 different people
This whole world is bizarre. And this is just a PoC bro, calm down.
So all u did was use bsuite and intercept email?
Yes, anybody can do this.
woow thats crazy
Wait so does this mean you reset password for both accounts using the link?
Nope, just for the first email.
@HACKERFUDDI I'm sorry I'm not understanding then, does this just allow you to reset others' passwords then? Could you spoof their inbox or something, is that why it's a bug?
I pay more
is there any free software which can do this
You can use Burp Suite Community, it's free.
same token get both attacker and victim?
You got it
nice job sir, how do I get better at this, I'm pretty shit at it
Just reading and practice.
It takes time. Believe me, your time won't get wasted.
Where to get sources to learn this? @HACKERFUDDI
1st forget password link is there, now I again generate forget password link to my gmail. Now if I click 1st forget password link it's showing me to reset my password, is it a vulnerability or not? Plz tell me
Report it if:
You can reset your password with both of the links.
@HACKERFUDDI okay bro I'll check right now
You're awesome, brother
thats kinda cool
What's your LinkedIn ID
Any good purpose?
@HACKERFUDDI want to talk
@HACKERFUDDI bro wants you to “hack his girlfriend” xd
How did the devs make that big mistake? WTF!
Their mistakes are a gold mine for me.
Bro how do u get victim account.
Both are created by me only.
@HACKERFUDDI ok bro nice
does this even work anymore?
there's a reason he posted this.. it's a bug report for reward
not working bro
It's fixed now.
@HACKERFUDDI hats off to you replying to this old video
Bro how do you expect to test on the same thing after the video is shown? Until the bug is available those videos are probably unlisted and he publishes once they fixed it, he works for bounty, not to teach you how to manipulate with protocols... anyway you miss the information
Now this is very rare i want to earn bounty to buy a laptop i use my friend laptop please suggest me how to start i am commerce student!!
@Anonymous-to1ng just earned $2000 bounty in total 😁
@DeepakKumar-ym1wr same same
@Anonymous-to1ng can we connect
@DeepakKumar-ym1wr What type of vulnerability did you get?
@DeepakKumar-ym1wr how you got $2000?
Please explain the impact
It's self explanatory
@0:51 Instead of Password reset mail has been sent, it is showing ("email" must be a string), how to bypass it, help!!
That means that the parameter is not taking unwanted strings in the backend, it is secured.
can I do this with Burp Suite Community version?
Yes.
@HACKERFUDDI yes thanks i already tested it
hacker play youtube? wkwkwk
Being productive.
Amazing..
wow