How I Discovered Account Takeover (ATO) via IDOR lead to 500$ bounty
The author discovered an account takeover vulnerability via IDOR (Insecure Direct Object Reference). During registration, the server did not verify the email address and phone number; after tampering with request parameters, the author bypassed verification and reset another user's password. The issue was reported and awarded a low-severity bounty. 2025-9-7 14:44:17 Author: infosecwriteups.com

JEETPAL

Hello Everyone,

Today, I want to share my experience of discovering an account takeover (ATO) vulnerability through IDOR. Let’s dive right in!

So, the hunt started with picking a random program; let's call it example.xyz.

I started by enumerating subdomains and checking for any possible subdomain takeover, but found nothing.

I used waybackurls to grab historical URLs from example.xyz and started hunting manually. I visited the signup page and went through the registration process with Burp Suite running in the background. I registered by confirming just my email and phone number, and noticed that a POST request was sent to the server with my email and the following information, with no Authorization header or cookies, just as if I were not logged in:

{
"id": "67274f46-b5d8-4826-bf29-d1584a195cfa",
"email": "[email protected]",
"phase": "phone_number",
"country_code": "91",
"phone_number": "123456789",
"verification_id": "46ab8b35-0722-4652-a76c-e3c3b2642df0"
}

Then I created a second account, took the ID from that account, and changed the ID field in the request to the second account's ID. After verifying a valid email and number, I was surprised that the server accepted the other account's number and email without verification: it saved the information without checking it. So I simply changed the email and phone of the second user to my own, and here comes the trick. I went to the forgot-password page, entered the email, verified it, and was allowed to set a new password. I did that, and after that there was a phone verification, which was also bypassed, since the server does not validate the phone number when it is changed via the request; I received the OTP on my phone too.
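As an added example (not code from the original post or the affected program), here is a minimal Python model of the registration "phase" update described above: the vulnerable handler trusts the client-supplied id, email and phone, while the hardened one commits only the contact details that the verification record actually confirmed, and only for the account that record was issued to. The store names, function names and the in-memory scenario are all assumptions.

```python
import uuid

# Constructed in-memory stores standing in for the application's database.
ACCOUNTS = {}       # account id -> {"email": ..., "phone": ...}
VERIFICATIONS = {}  # verification id -> what was verified, and for which account

def start_verification(account_id, email, phone):
    """Issue a verification record bound to the account and the contact details being verified."""
    vid = str(uuid.uuid4())
    VERIFICATIONS[vid] = {"account_id": account_id, "email": email, "phone": phone, "confirmed": False}
    return vid

def confirm_otp(vid):
    """Stands in for the user entering the OTP they received."""
    VERIFICATIONS[vid]["confirmed"] = True

def vulnerable_phase_update(body):
    """The bug from the writeup: whichever 'id' the client sends gets the client-supplied contact details."""
    ACCOUNTS[body["id"]].update(email=body["email"], phone=body["phone_number"])
    return 200

def hardened_phase_update(body):
    """Derive everything from the server-side verification record; client-supplied id/email/phone are never trusted.
    A real fix would additionally require an authenticated session, since the original request carried none."""
    rec = VERIFICATIONS.get(body.get("verification_id"))
    if rec is None or not rec["confirmed"]:
        return 403                      # no completed verification for this request
    if rec["account_id"] != body.get("id"):
        return 403                      # id mismatch: worth logging as a likely IDOR attempt
    ACCOUNTS[rec["account_id"]].update(email=rec["email"], phone=rec["phone"])
    return 200

def simulate(handler):
    """Constructed scenario: a second account verifies its own contact details, then replays the
    phase request with the first account's id. Returns (status, first account's stored email)."""
    ACCOUNTS.clear(); VERIFICATIONS.clear()
    victim, other = str(uuid.uuid4()), str(uuid.uuid4())
    ACCOUNTS[victim] = {"email": "victim@example.xyz", "phone": "111111111"}
    ACCOUNTS[other] = {"email": "other@example.xyz", "phone": "999999999"}
    vid = start_verification(other, "other@example.xyz", "999999999")
    confirm_otp(vid)
    body = {"id": victim, "email": "other@example.xyz", "phase": "phone_number",
            "country_code": "91", "phone_number": "999999999", "verification_id": vid}
    return handler(body), ACCOUNTS[victim]["email"]

if __name__ == "__main__":
    print("vulnerable:", simulate(vulnerable_phase_update))   # (200, 'other@example.xyz')
    print("hardened:  ", simulate(hardened_phase_update))     # (403, 'victim@example.xyz')
```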


So I reported the issue, and after 5 days I got a reply from the team: a bounty for Low severity.


I asked why it was rated Low for a zero-click issue, and they said:

[Screenshot of the team's reply]

Thank you for reading! If you enjoyed it, clap 50 times.

New articles Dropping soon

Connect with me
Linkedin: https://www.linkedin.com/in/jeet-pal-22601a290/
Instagram: https://www.instagram.com/jeetpal.2007/
X/Twitter: https://x.com/Mr_mars_hacker

And here’s something special for you! 🚨

Join a community of 2,800+ security researchers on our Discord server, where we discuss Web3 vulnerabilities, audits, and much more! 🚀
👉 Join the server here!: https://discord.gg/Y467qAFM4X

Note: I just republish it with more information to share


Source: https://infosecwriteups.com/how-i-discovered-account-takeover-ato-via-idor-lead-to-500-bounty-537bc7ff10b8?source=rss----7b722bfd1b8d---4