.png)
3 years ago
372 BOOK THIS SPACE FOR AD
ARTICLE AD
Hi today i want to tell you ,how i found account takeover at hackerone private program.
I spend 10 hours in one domain.I does not found anythings.I try to re-register my account.It ok
Step to reproduce
Go to https://redact.com/loginLogin with gmail oauth eg: vitcim@gmail.com ( You got account using gmail account’s info)Logout and go to register pageEnter email as vitcim@gmail.com , password is 12345 and click create new account.You got email verify page.You can not access vitcim@gmail.com for verify .So close tab :3.Go to login page and login with your re-register credi ( email = vitcim@gmail.com & password = 12345 )You access the vitcim ( vitcim@gmail.com) ’s account without any verify.
I report to private program via hackerone.They accepted my report.and pay me $2048 .
Thank for reading.See you in next bug.
Bengali (Bangladesh) · 
English (United States) ·