How I did Full Account Takeover (FATO) using forgot password link?

Password Reset URL
User Id exposed in reset password response
  • When testing for A07:2021, always look at other functionalities too, like how are they generating the reset link, CSRF Token, etc.
  • Always test every parameter, even if it seems low hanging and you might think that this must be reported earlier by another researcher. But you do not know, you might be lucky and exploit such Low Hangings and make easy bounty:)
    Happy Hacking ✌️

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Aman Srivastava

Aman Srivastava

Don’t know what to do apart from hacking:)