After some research, we found that there is no separate login page for the admin user, which means that the admin user might be present on the same login page. So let’s find out the admin user’s email address so that we can take over their account. We simply went to the “about-us” page of the website and found the Founder's email address. Now, let’s take over the admin account.
Steps-To-Reproduce:
1. Open the URL https://dashboard.example.com/login in two different tabs and perform a password reset for both accounts consecutively using the email address (i.e. A - your account, B - admin account).
2. Now open Notepad and copy the password reset link of account A into it (i.e. https://dashboard.example.com/password-reset/form?token=12345).
3. Now change the token ID to the next consecutive number. (As token IDs are assigned consecutively, if yours is 12345 then the admin token ID will be 12346.)
4. Now use the modified link, i.e. https://dashboard.example.com/password-reset/form?token=12346, and reset the admin password.
5. Boom!! Admin account takeover.
Impact:
Account Takeover Of Anyone
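
The root cause in the steps above is a reset token taken from a shared counter. As an added example (not code from the original post or from the affected site), the Python below puts that pattern beside an issuer whose tokens come from a CSPRNG, are stored only as a hash, are tied to one account, expire, and work once. All names, the 15-minute lifetime and the starting counter value are assumptions.

```python
import hashlib
import itertools
import secrets
import time

# Weak pattern from the writeup: every reset request takes the next value of
# one shared counter, so a token says nothing secret about its owner.
_counter = itertools.count(12345)  # constructed starting value


def issue_sequential_token(store, email):
    token = str(next(_counter))
    store[token] = email
    return token


class ResetTokens:
    """Hardened issuer: random, hashed at rest, expiring, single-use."""

    TTL_SECONDS = 15 * 60  # assumed lifetime

    def __init__(self, clock=time.time):
        self._rows = {}  # sha256(token) -> (email, expires_at)
        self._clock = clock

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email):
        # A new request invalidates any token still outstanding for the account.
        self._rows = {d: r for d, r in self._rows.items() if r[0] != email}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + self.TTL_SECONDS
        self._rows[self._digest(token)] = (email, expires_at)
        return token

    def redeem(self, token):
        """Return the email the token was issued for, or None if invalid."""
        row = self._rows.pop(self._digest(token), None)  # pop makes it single-use
        if row is None or self._clock() > row[1]:
            return None
        return row[0]
```

The reset form should change the password only for the account `redeem` returns, never for an account named in the request.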
Timeline:
Bug Reported: Jun 2, 2021
Bounty Rewarded: $200 on Aug 5, 2021
Thanks for reading :)
Happy Hacking ;)
You can see many writeups coming up…
Feel free to message me if you have any queries related to Bug Bounty Hunting
LinkedIn: linkedin.com/in/HemantSolo
Website: hemantpatidar.me
Twitter: twitter.com/HemantSolo
Instagram: instagram.com/hemant_solo