Monday, July 8, 2024

The Reset Password Attack Vector

 

Hey Guys,

Recently I have seen this attack vector mostly.
While resetting the password check for any redirect,callback,returnurl paramters in the post body.

Or try to param bruteforce it using any tool like param miner.
and try to change it to a custom bind payload.


and try that you getting the payload link in the email.

at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Android pin bypass with rate limiting

  • Idor in google product
      Description : Attacker can able to delete any file with vulnerable endpoint ..! Endpoint : POST /u/4/deleteShareable?appVersion=20190926_...
  • Creative Android pin bypass with Race conditon
      Hitting main activity multiple times app allowing to view any activity inside an app. without even entering the mobile pin. Bug ;- Applica...
  • Android pin bypass with rate limiting
      Application pin rate limiting bypass The bug is in private program . There is a feature to lock mobile app with pin . But only 3 attempts....