Misconfiguration in Change-password Functionality Leads to Account Takeover

Hello everyone,

We are Mahmoud Radwan and Mahmoud Samaha (0x2m) and this is our first Write-Up ever.

This write-up describes how we were able to take over any account on a site by abusing some misconfigurations in the change-password functionality.

We were testing a private program, so let's call it site.com. Let's start our journey.

While going through the sandbox environment used for testing purposes (sandbox.site.com), we noticed a change-password function.

So we opened Burp Suite and intercepted the request, looking for any issue. We caught this request and started analyzing it.

As you can see, we found this header…

Mahmoud Mohamed
