IDOR which led to account takeover

Shivansh Malik
2 min read, Jun 4, 2021


Hi guys,

This is my first blog/write-up, and this is the first high-severity vulnerability my friend and I have had triaged. We were both really amazed when we found it. So let's get into how we found it.

We were, as usual, researching a private (external) program and noticed that the forgot-password feature might be vulnerable. We captured the request in Burp Suite and had a look at it. Here is an example of what the body of the request looked like:

When we saw this, I focused on the content in the brackets: it was a base64 string. We wondered what would happen if we decoded it, did so, and luck was with us: it decoded to an email address (the same as the decoded form in the screenshot). We figured we might be able to take over an account if we decoded the string, replaced the email with another one, re-encoded it, and repeated the request. We half expected it not to work, but it literally did, so we wasted no time in reporting it ASAP. This was a collaborative report with my friend, who was learning hacking alongside me, which is why we decided to collaborate on a private program.
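The flow above, as an added example that is not code from the original post or from the affected program: the write-up only tells us that the forgot-password body carried base64(email) and that swapping the email worked, so the handler below is a hypothetical reconstruction of that shape (a body with a `user` field holding base64(email) and a `new_password` field), not the program's real code. The point it makes is that base64 is encoding, not authentication: any request that lets the client name the account being reset is an IDOR no matter how the name is wrapped. The hardened variant replaces the client-chosen identifier with a random, single-use token that the server binds to the mailbox it was delivered to.

```python
import base64
import hashlib
import secrets
from typing import Optional


def encode_field(value: str) -> str:
    """Encode a string the way the captured request body did (plain base64)."""
    return base64.b64encode(value.encode()).decode()


def decode_field(value: str) -> str:
    return base64.b64decode(value).decode()


def attacker_rewrite(captured_field: str, target_email: str) -> str:
    """The write-up's step: decode the base64 field, confirm it is an email,
    and re-encode a different email in its place."""
    original = decode_field(captured_field)
    if "@" not in original:
        raise ValueError("field did not decode to an email, nothing to swap")
    return encode_field(target_email)


# --- Vulnerable handler (hypothetical shape): the account being reset is named
# only by the client-supplied field, so base64 is the sole "protection" ---
def reset_password_vulnerable(users: dict, body: dict) -> bool:
    email = decode_field(body["user"])
    if email not in users:
        return False
    users[email]["password"] = body["new_password"]
    return True


# --- Hardened flow: the server mints a random, single-use token, stores only its
# hash, and binds it to the email it was delivered to; the client never names
# the account in the reset request ---
def forgot_password(users: dict, tokens: dict, email: str) -> Optional[str]:
    if email not in users:
        return None  # a real app answers identically either way to avoid enumeration
    token = secrets.token_urlsafe(32)
    tokens[hashlib.sha256(token.encode()).hexdigest()] = email
    return token  # delivered to the mailbox of `email`, never echoed to the caller


def reset_password_hardened(users: dict, tokens: dict, body: dict) -> bool:
    token_hash = hashlib.sha256(body["token"].encode()).hexdigest()
    email = tokens.pop(token_hash, None)  # pop, not get: the token is single use
    if email is None:
        return False
    users[email]["password"] = body["new_password"]
    return True


def fresh_users() -> dict:
    # Constructed sample data, not accounts from the original post.
    return {
        "victim@example.com": {"password": "victim-old"},
        "attacker@example.com": {"password": "attacker-old"},
    }


def demo() -> dict:
    """Run the swap-the-email attack against both handlers and report the outcome."""
    # 1. Vulnerable: attacker captures their own request, swaps the email, replays.
    users = fresh_users()
    own_request = {"user": encode_field("attacker@example.com"), "new_password": "pwned"}
    forged = dict(own_request, user=attacker_rewrite(own_request["user"], "victim@example.com"))
    vulnerable_ok = reset_password_vulnerable(users, forged)
    victim_pw_vuln = users["victim@example.com"]["password"]

    # 2. Hardened: the attacker only ever holds a token minted for their own mailbox,
    #    so there is no field to swap; guessing and replaying both fail.
    users = fresh_users()
    tokens = {}
    attacker_token = forgot_password(users, tokens, "attacker@example.com")
    reset_password_hardened(users, tokens, {"token": attacker_token, "new_password": "pwned"})
    guess_ok = reset_password_hardened(
        users, tokens, {"token": secrets.token_urlsafe(32), "new_password": "pwned"})
    replay_ok = reset_password_hardened(
        users, tokens, {"token": attacker_token, "new_password": "again"})
    victim_pw_hard = users["victim@example.com"]["password"]

    return {
        "vulnerable_reset_accepted": vulnerable_ok,
        "victim_password_after_vulnerable": victim_pw_vuln,
        "hardened_guess_accepted": guess_ok,
        "hardened_replay_accepted": replay_ok,
        "victim_password_after_hardened": victim_pw_hard,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the vulnerable handler accepting the forged request and changing the victim's password, while the hardened handler leaves the victim untouched: the attacker's token only ever resolves to the attacker's own account, a guessed token is rejected, and a replayed token is rejected because it was consumed on first use. When testing a forgot-password endpoint, the check is the same one the authors made: decode whatever identifies the account, change it to an account you control, and see whether the server still acts on it.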

The report has now been triaged, and we got a good response from the person who reviewed it. My friend and I are really happy to have a high-severity report disclosed. Thanks to:

  1. bl4ckh4ck5, for providing awesome challenges that sharpened my problem solving enough to find this one.
  2. All the members of the Bounty Hunters Discord server, who never hesitated to help me.

So that's it. Hope you like my blog. Have a great day ahead!
