Open in app
Mahmoud Mohamed
43 Followers
About

Sign in

Open in app

Pinned

Misconfiguration in Change-password Functionality Leads to Account Takeover

Hello everyone,

We are Mahmoud Radwan and Mahmoud Samaha (0x2m) and this is our first Write-Up ever.

This Write-Up describes How we could Takeover any account on a site using some misconfigurations in Change-Password Functionality.

We were testing a private program so let’s call it site.com, so let’s start our Journey.

While going throw the sandbox environment that is for testing porous (sandbox.site.com) we notice a change password function.

So we opened the Burb-Suite and intercept the request looking for any issue and we catch this request and start analyzing it

So as you can see we found this Header…

Read more · 3 min read

Mahmoud Mohamed

About

Help

Legal

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store