- No doesn’t necessarily mean no! Responses can always be manipulated
I hope everyone is healthy and staying safe amidst this COVID-19 pandemic.
On the brighter side, the pandemic gave me enough time at my disposal, which I spent mostly on upskilling myself and, of course, finding bugs! It was pretty exciting for me, as I discovered multiple Account Takeover vulnerabilities on a single private program and was able to work closely with the program to get things fixed and back in place.
In this write up I’ll be talking about one of the account…
- Login feature bypassed which leads to an Interesting Account Takeover
Hello guys! I am Avanish Pathak, a student currently pursuing my Computer Science degree and an active Bug Bounty hunter. Today I would like to share one of my findings, which I came across on one of the private programs, where I was able to gain access to any user’s/employee’s account on that application.
A brief note on what an Account Takeover vulnerability is: this is a type of vulnerability that allows an attacker to gain unauthorized and full control of the victim’s account…
BCA | Cobalt Core Pen-tester @Cobalt_io| Synack Red Team member @Synack | Bug Bounty @Bugcrowd | Acknowledged by Google, Microsoft, Apple, and 30+