How can I (Account-Take-Over) any Account? (2)



- First of all, let’s understand the website

- The site was a platform where each user has a profile. For any change or any action on the website, the site used a UserId value.

I started trying to understand the website, and I discovered that the userId is responsible for everything. I saw that if you want to change the profile or update your account information, the site uses the userId value. This means that the site does not check the cookie or the JWT token; it only checks the value of the userId.

After I knew that it depends only on the userId, I said, “I want to know this value: how does it arise, or how is it generated?”

I created a second account to see if the userId value is similar or not, but unfortunately it turned out to be completely different. I tried to check the JS files to see if there is a specific algorithm to create the userId value or not, but unfortunately I didn’t get anything.

The next day I continued checking the site and forgot the idea of the userId. While checking the site, I was inside one of the profiles and opened the source code: CTRL+F -> UserId.

I was shocked when I saw the userId value in the source code.

So I went to the profile of the second account and took its userId value. I sent the update-email request for my first account and changed the userId value to my second account’s. So I was able to change the account email, and thus I could take over any account on the platform without any interaction from the user!
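As an added example (not code from this write-up or from the platform), here is the server-side mistake described above modelled in plain Python: the vulnerable handler trusts the userId sent in the request body, while the fixed handler takes the target profile from the session and refuses a body userId that disagrees. The user ids, emails and session token are constructed sample data.

```python
# Added example, not the platform's code: an "update email" endpoint written
# the way the write-up describes (trusting the client-sent userId) beside the
# fixed version that takes the target profile from the session instead.
from dataclasses import dataclass, field

# Constructed sample data: profiles keyed by userId, plus one logged-in session.
INITIAL_USERS = {"u-1001": {"email": "victim@example.com"},
                 "u-2002": {"email": "attacker@example.com"}}
USERS = {}
SESSIONS = {"tok-2002": "u-2002"}  # session token -> userId it belongs to

def reset():
    """Restore the sample profiles so each scenario starts clean."""
    USERS.clear()
    USERS.update({uid: dict(p) for uid, p in INITIAL_USERS.items()})

@dataclass
class Request:
    cookie: str                               # session token from the Cookie header
    body: dict = field(default_factory=dict)  # parsed JSON body

def authenticated_user(req):
    """Who is logged in according to the session token; None if nobody."""
    return SESSIONS.get(req.cookie)

def update_email_vulnerable(req):
    """Checks only that *someone* is logged in, then trusts body['userId'] to
    pick the profile to edit: any user can edit any userId they can learn."""
    if authenticated_user(req) is None:
        return 401, "not logged in"
    target = req.body["userId"]  # attacker-controlled, never compared to caller
    USERS[target]["email"] = req.body["email"]
    return 200, target

def update_email_fixed(req):
    """The profile to edit is the caller's own, taken from the session. A body
    userId that disagrees is refused and worth logging as a tamper signal."""
    caller = authenticated_user(req)
    if caller is None:
        return 401, "not logged in"
    if req.body.get("userId", caller) != caller:
        return 403, "userId does not match session"
    USERS[caller]["email"] = req.body["email"]
    return 200, caller

reset()
```

In the fixed version the 403 branch is also the detection point: a logged-in session submitting someone else's userId is a clear tamper signal to alert on.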

— — — — — — — — — — — — — -
Takeaways:

- Always check the source code
- Understand how the website works

Thank you for reading.

Welcome to my Twitter:
