#3 Account Takeover | 2FA Bypass | Bug Bounty POC | CyberTron |

  • Published on 15 Oct 2024
  • Bug Type - Improper Authentication - Generic CWE-287
    Steps To Reproduce:
    1. First we click Login and then click Forgot Password to reset the existing password.
    The number 8001177696 is already registered, but the number does not exist in real life, so we
    will do the reset with a valid number and a valid OTP.
    2. We used a valid number, 8945971332, to reset the password of the account.
    3. Then we enter the valid OTP and capture the request with Burp Suite.
    4. We forward the request until we get the response from the server.
    5. Now we copy the entire response and store it in a safe place. In the Set-Cookie section in
    Burp Suite you can see a generated token that is valid for a limited time. The
    response also contains 2 parameters that hold the phone number.
    6. After copying the response, we start the password reset again on the victim number 8001177696.
    7. Now we click Reset Password and enter a random OTP, e.g. 000000.
    8. Now we capture the verification request with Burp Suite and forward
    it until we get the response from the server.
    9. We get the response from the server, but the cookie has changed because of the new
    number verification. So we need to replace the response with the old one
    that we captured with the valid OTP (step 5).
    10. Now we need to change the phone number parameter. Find the
    phone number parameter in the response and replace it with the victim
    phone number 8001177696.
    11. Forward the request and we are done. We bypassed the OTP verification.
    Now we can successfully change the password.
    12. And we are done. We successfully took over the victim's account by
    bypassing the OTP verification.
    References - infosecwriteup...
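
The steps above depend on the reset flow accepting a verification result and phone number that pass through the client. As a defensive illustration (an added example, not code from the video or the affected application), the sketch below keeps the OTP state on the server and issues a reset token that is HMAC-bound to the verified number, so a token earned for one number is rejected for any other. The function names, the TTL value and the sample phone numbers used with it are assumptions made for this example.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # constructed for the demo; load from a secret store in practice
TTL = 300                             # assumed lifetime (seconds) for OTPs and reset tokens
_pending = {}                         # phone -> [otp, expiry, attempts_left], server-side only
_spent = set()                        # reset tokens already used once

def _mac(phone, expiry, nonce):
    msg = f"{phone}|{expiry}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def start_reset(phone, now=None):
    """Create an OTP for phone. Returned only so this demo runs offline; really sent by SMS."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"
    _pending[phone] = [otp, now + TTL, 3]
    return otp

def verify_otp(phone, otp, now=None):
    """Return a reset token bound to phone, or None when the OTP is wrong or expired."""
    now = time.time() if now is None else now
    entry = _pending.get(phone)
    if entry is None or now > entry[1]:
        return None
    if not hmac.compare_digest(entry[0].encode(), str(otp).encode()):
        entry[2] -= 1                 # wrong guess: burn an attempt, drop the OTP at zero
        if entry[2] <= 0:
            del _pending[phone]
        return None
    del _pending[phone]               # an OTP is single use
    expiry, nonce = str(int(now + TTL)), secrets.token_hex(8)
    return f"{expiry}.{nonce}.{_mac(phone, expiry, nonce)}"

def change_password(phone, token, now=None):
    """Allow the change only if the server minted this token for this exact phone."""
    now = time.time() if now is None else now
    parts = str(token).split(".")
    if len(parts) != 3 or not str(phone).isdigit() or not parts[0].isdigit():
        return False
    expiry, nonce, mac = parts
    if not hmac.compare_digest(_mac(phone, expiry, nonce).encode(), mac.encode()):
        return False                  # token was issued for a different number, or forged
    if now > int(expiry) or token in _spent:
        return False
    _spent.add(token)
    return True
```

The password-change step recomputes the MAC from the phone number in its own request, so nothing the client edits in an earlier response can stand in for a successful OTP check.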

Comments • 8

  • @hackeryajemaa 1 year ago

    Where did you make the intro, bro?

  • @szymon6659 1 year ago

    Just don't mix up the programs

    • @brutsecurity 1 year ago

      if causing confusion in the application makes it vulnerable to attacks, then why not?

    • @szymon6659 1 year ago

      @brutsecurity it depends on what you are reworking it for
      And besides, do you know Polish?

  • @chiragsaini6975 1 year ago

    any bounty

    • @brutsecurity 1 year ago

      no, they got raided by ED & CBI for money laundering

    • @mehulkumawat8002 1 year ago

      @brutsecurity 😃😃