Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm

3 years ago 207

I spoofed access to other people’s email in order to pre-steal user accounts before they are first registered. Here’s how I did it.


One thing I always test while hacking on bug bounty programs is how applications generate tokens. Tokens are used for things such as password resets, email address verification, one-click sign-in, etc.
