BUG Account Takeover VIVA.CO.ID

3 years ago 174
BOOK THIS SPACE FOR AD
ARTICLE AD

jowi

Hello Peeps! Here’s is my write-up BUG Account “Takeover VIVA.CO.ID”

Image for post

Image for post

The definition of account takeover (ATO) or account takeover fraud is obtaining a legitimate user’s details to take over their online accounts, possibly enabling monetary or credit card theft. ATO can happen with an automated script that enters the credentials en masse or with a human typing them and accessing the account. The goal of ATO is to make a profit using the value of the account.

Sc : https://nudatasecurity.com/resources/blog/what-is-account-takeover/

I Can Login / Account Takeover With Email [Broken Authentication]

Register VIVA.CO.ID With Account FacebookDirect to “Register Provider”

Image for post

Image for post

Register Provider

3. Open Burpsuite , And Click “Intercept is on”

4. Change Email Fake To Email Victim

Image for post

Image for post

%40 = @

5. Click Forward

Image for post

Image for post

Report BUG : 23 Feb 2019

VIVA.CO.ID Respon Bug Valid : 25 Feb 2019

Bug Fixed : 10 March 2019

Reward??? ikgjdhsofoisjfsdd no bruh

Image for post

Image for post

Thanks for reading . Happy Hunting .

Read Entire Article