Merge branch 'master' of github.com:HackTricks-wiki/hacktricks

Carlos Polop 2025-04-03 15:55:13 +02:00
commit afe4ea8fd5

@ -111,6 +111,12 @@ From [this report](https://dynnyd20.medium.com/one-click-account-take-over-e5009
This also happened in [**this report**](https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea).
### Bypass email verification for Account Takeover
- Attacker logins with attacker@test.com and verifies email upon signup.
- Attacker changes verified email to victim@test.com (no secondary verification on email change)
- Now the website allows victim@test.com to login and we have bypassed email verification of victim user.
### Old Cookies
As explained [**in this post**](https://medium.com/@niraj1mahajan/uncovering-the-hidden-vulnerability-how-i-found-an-authentication-bypass-on-shopifys-exchange-cc2729ea31a9), it was possible to login into an account, save the cookies as an authenticated user, logout, and then login again.\
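Review bot: The "Bypass email verification for Account Takeover" steps stop at "we have bypassed email verification of victim user" without saying what to confirm or how it should be fixed; after the line "Attacker changes verified email to victim@test.com (no secondary verification on email change)" the tester still needs to check that the account's verified status carries over to the new address (no verification mail to victim@test.com, no downgrade to "unverified"), and the natural counter-measure belongs in the same list: treat an email change as a fresh verification, keep the old address as the canonical one until the new one is confirmed, and notify the old address. Separately, the context line "This also happened in [**this report**](https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea)" links the very same article as the preceding "From [this report](https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea ...)" in the hunk header, so either the second link should point at a different write-up or the sentence should be dropped.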