all InfoSec news
My First Pre-Auth Account Takeover in 20 secs
InfoSec Write-ups - Medium infosecwriteups.com
Hello All, this is my first account takeover writeup and I hope it helps everyone. Taking over another user’s account is something that amazes everyone. There are several ways in which we can perform “Account Takeover”, but the one which I got is a bit interesting!!!
Note: The domain and other details have been masked to maintain Confidentiality.
Forgot Password is the best possible feature where most of the “Pre-Auth” account takeovers happen, so I started playing around …
account account takeover auth business-logic confidentiality domain email hacking hello hope password request security takeover takeovers victim web app security writeup