Breaking the Barrier: Admin Panel Takeover Worth $3500

Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens

How a Single Parameter Led to Two ATO Cases

Taking over accounts in multiple ways

Hacking Swisscom’s End-to-End Encrypted Cloud Storage for $4,000

Account Takeover [It Looked Secure at First]

Null Byte on Steroids

Jumpserver Preauth RCE Exploit Chain

Chaining IDOR and Host Header can takeover 18 Billion of users account

Secret Input Header leads to Password Reset Poisoning

Understanding GitLab EE/CE Account TakeOver (CVE-2023-7028)

IDN Homograph Attack - Reborn of the Rare Case

Account takeover vulnerability that resulted in $2500 bounty!

$1,250 worth of Host Header Injection

From Revealing Emails to Taking Over Accounts (Hacking Telecom)

0 Click ATO with the Sandwich Attack

Account (of the CEO) Takeover via Password Reset

IDN Homograph Attack and Response Manipulation - The Rarest Case

A Classical Account Takeover Case via Multiple Bypasses

How we tried to book a train ticket and ended up with a databreach with 245,000 records

Compromising Honda’s power equipment / marine / lawn & garden dealer eCommerce platform through a vulnerable password reset API

Rate Limit Bypass Leads to 0 Click ATO

Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining

How I was able to change password of any corporate user

CVE-2022-36413 Unauthorized Reset Password of Zoho ManageEngine ADSelfService Plus