.png)
1 year ago
77 BOOK THIS SPACE FOR AD
ARTICLE ADHello everyone, today I’m going to talk about a bug I have found only once and other hackers told me it’s kinda rare, but It’s so simple to look for that I really feel like it’s worth it to try.
So let get started…. Everybody here probably has used that option that let you use google, Facebook, LinkedIn or any other social media to log in a new website as most part of the time it is an easier and faster option as you can just click a button and the work is done, the bug that I have found is in this option.
So, how I found it?!
I was testing a website that had this option, as I always use more than one account when testing websites I decided to get one using the “sign in with google” option, after a few minutes just looking for the options I had after logged in I decided to try to get any information about my account, I started at the sign up page, my first try was to sign up again using the email that is used by the account that I created using the “sign in with google” option and for my surprise it did let me get a “new” account with the same email, in this website it would not let me just log in right after creating the account, it would send a confirmation email, because of that you may think that it’s not so serious, well actually it’s, because the official website would send an email to real account’s owner so the chances of the person confirming it is really high, after I confirmed the account with the email I had received I was able to log in both with the password I chose and using the “sign in with google” option, and as you probably noticed I said a “new” account because it was actually the same account.
So, the workflow to test it is really simple:
1) Get an account using the “Sign in with” option
2) Go to sign-up page
3) Try to get another account with the same email
I hope you have enjoyed it and got to learn something new :)
Bengali (Bangladesh) · 
English (United States) ·