- No doesn’t necessarily mean no! Responses can always be manipulated

Hey Everyone,
I hope everyone is healthy and staying safe amidst this COVID-19 pandemic.
On the brighter side, the pandemic gave me enough time at my disposal that I spent mostly on upskilling myself and, of course, finding bugs! It was pretty exciting for me, as I discovered multiple Account Takeover vulnerabilities on a single private program and was able to work closely with the program to get things fixed and back in place.

In this write up I’ll be talking about one of the account…


- Login feature bypassed which leads to an Interesting Account Takeover

Introduction:
Hello guys! I am Avanish Pathak, a student currently pursuing my Computer Science degree and an active Bug Bounty hunter. Today I would like to share one of my findings from a private program, where I was able to gain access to any user’s/employee’s account on that application.

A brief note on what an Account Takeover vulnerability is: this is a type of vulnerability that allows an attacker to gain unauthorized and full control of the victim’s account…

Avanish Pathak

BCA | Cobalt Core Pen-tester @Cobalt_io| Synack Red Team member @Synack | Bug Bounty @Bugcrowd | Acknowledged by Google, Microsoft, Apple, and 30+
