writeups.xyz / Admin account takeover via weird Password Reset Functionality

Submitter : c2a

Date: 2 July 2022

Bounty : undisclosed

Vulnerabilities :

• Account Takeover
• Authentication Bypass
• Password Reset

Programs :

• Undisclosed

Authors :

• Mahmoud Youssef (@0xmahmoudjo0)

Link :
https://0xmahmoudjo0.medium.com/admin-account-takeover-via-weird-password-reset-functionality-166ce90b1e58