One Click To Account Takeover

OVERVIEW :

On target.com, when we request a password reset, we receive an email containing a reset-password link.

  • “X-Forwarded-For:”

Golden Tip :

I want to share a golden tip for this scenario: pay attention to mass assignment vulnerabilities. When I capture the reset-password request, the request body (content-type JSON) contains a parameter:

EXPLOIT

To exploit this vulnerability, we enter the victim's email, capture the request, add a “Url” parameter with my Burp Collaborator address as its value, then forward the request. Only one click from the user is needed for account takeover.
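To make the root cause concrete, here is an added example (my own illustration, not code from the post or from target.com) of the server-side pattern described in the Golden Tip and Exploit sections: a reset handler that binds every JSON field from the request to its model and lets a client-supplied “Url” override the base of the reset link, placed beside a hardened handler that allowlists request fields and builds the link from server configuration only. The request bodies, the `RESET_BASE_URL` value and the `collaborator.example` host are constructed placeholders.

```python
import json
import re
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample request bodies (not captured from any real site).
# The second body carries an extra "Url" field, the mass-assignment probe
# described in the post.
NORMAL_BODY = json.dumps({"email": "user@example.com"})
POISONED_BODY = json.dumps({"email": "user@example.com",
                            "Url": "https://collaborator.example/reset"})

# Server-side configuration: the only base a reset link may be built on.
# (Placeholder value; a real deployment reads this from its config.)
RESET_BASE_URL = "https://target.com/reset-password"


def vulnerable_reset_link(body: str) -> str:
    """Vulnerable pattern: every JSON field is bound to the model, and the
    email template reads the link base from the model ("Url"), so a
    client-supplied "Url" silently replaces the server default."""
    params = json.loads(body)                 # mass assignment: all fields trusted
    base = params.get("Url", RESET_BASE_URL)  # attacker-controlled if present
    token = secrets.token_urlsafe(32)
    return f"{base}?{urlencode({'token': token, 'email': params['email']})}"


ALLOWED_FIELDS = {"email"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def hardened_reset_link(body: str) -> str:
    """Hardened pattern: allowlist the request fields, validate them, and build
    the link from RESET_BASE_URL alone. The base is never derived from the
    request body or from any request header (Host, X-Forwarded-*). Unexpected
    fields are rejected rather than ignored so that probing shows up in logs."""
    params = json.loads(body)
    extra = set(params) - ALLOWED_FIELDS
    if extra:
        raise ValueError(f"unexpected fields: {sorted(extra)}")
    email = params["email"]
    if not EMAIL_RE.match(email):
        raise ValueError("invalid email")
    token = secrets.token_urlsafe(32)       # the email is looked up server-side
    return f"{RESET_BASE_URL}?{urlencode({'token': token})}"


def hardened_accepts(body: str) -> bool:
    """Convenience wrapper: True if the hardened handler issues a link."""
    try:
        hardened_reset_link(body)
        return True
    except ValueError:
        return False


def reset_origin(link: str) -> str:
    """Return scheme://host of a generated link, the value a reviewer checks."""
    parts = urlsplit(link)
    return f"{parts.scheme}://{parts.netloc}"


if __name__ == "__main__":
    print("vulnerable, normal body  :", reset_origin(vulnerable_reset_link(NORMAL_BODY)))
    print("vulnerable, poisoned body:", reset_origin(vulnerable_reset_link(POISONED_BODY)))
    print("hardened, normal body    :", reset_origin(hardened_reset_link(NORMAL_BODY)))
    print("hardened, poisoned body  :", "accepted" if hardened_accepts(POISONED_BODY) else "rejected")
```

Running the script shows the vulnerable handler emitting a link whose origin is the attacker-supplied host while the hardened one keeps the configured origin and refuses the poisoned body outright. On the detection side, the `ValueError` raised for unexpected fields is the event worth logging: a reset request carrying fields the endpoint never defined is a strong indicator of this class of probing.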
