writeups.xyz / UN United Nations Host Header Injection leads to any Full Account Takeover (ATO)

Submitter : c2a

Date: 13 August 2022

Bounty : undisclosed

Vulnerabilities :

• Host Header Injection
• Password Reset
• Account Takeover

Programs :

• United Nations

Authors :

• Ahmed Hassan

Link :
https://medium.com/@Bishoo97x/un-united-nations-host-header-injection-leads-to-any-full-account-takeover-ato-795bc9ebc670