writeups.xyz / Password Reset Vulnerability — Full Account takeover (Insecure Direct Object Reference)

Submitter : c2a

Date: 22 June 2019

Bounty : 1,200

Vulnerabilities :

• Password Reset
• IDOR
• Account Takeover

Programs :

• Undisclosed

Authors :

• Muhammad Asim Shahzad (@Protector47)

Link :
https://web.archive.org/web/20201001064738/https://medium.com/@protector47/password-reset-vulnerability-full-account-takeover-insecure-direct-object-reference-c4a9a3ea8268