My P1 — Account Takeover
HubSpot Full Account Takeover in Bug Bounty
Easy Account Takeover on dell subdomain
CentreStack Disclosure
Ransacking your password reset tokens
“2022: A Year of Fascinating Discoveries”
AWS SSRF to Root on production instance — A bug worth 1.75Lacs
In GUID We Trust
Bugcrowd — Tale of multiple misconfigurations!! ❌
Android Application Forgot Password Token Leakage Leading to Account Takeover
Account takeover worth $1000
We discovered major vulnerabilities in Control Web Panel. Here’s how we found them.
UN United Nations Host Header Injection leads to any Full Account Takeover (ATO)
($$$) Origin ip to account takeover
Admin account takeover via weird Password Reset Functionality
How I Get Bounty From Takeover Account
Its all about 2fa bypass, or Account Takeover
How I Bypassed 2FA while Resetting Password
Bypass Rate Limit — A blank space leads to this random encounter!
Rate Limit Bypass at Readme.com
Password Reset to Admin Access
A tale of 0-Click Account Takeover and 2FA Bypass.
IDOR vulnerability on invoice and weak password reset leads to account take over
Gaining access through error-based SQLi using WebSockets
Host Header Injection Lead To Account Takeovers