Black

@mbkartikreddy Read write-ups on Medium about Account Takeover

@Bl4ckSec congrats 🎉 can you share any resources so that i can learn too

🔴 IDOR Vulnerability Discovered an IDOR vulnerability in the Forgot Password feature. The issue is that the password reset token is not properly bound to the account email. An attacker with a valid reset token could change the password of another user’s account due to improper token validation. Example request structure: { "email": "victim@example.com", "newPassword": "NewPassword123!", "token": "VALID_RESET_TOKEN" } #bugbountytip #hackerone #infosec #BugBounty #Hacking

@Troll_13 Severity downgraded due to OTP

@Bl4ckSec shouldn't this be Critical? or i am missing something

1. Bypassing invitation code restrictions: The code is intended for single-use and should expire immediately after the first user joins. 2. Lack of email-to-code binding: The invitation code is not linked to a specific email address, allowing it to be used by any unauthorized email.

@Bl4ckSec Nice, what is the impact

I discovered a Race Condition vulnerability that allowed a single invitation code to be used across multiple accounts by accepting the invite from two accounts at the same time. In addition, there was insufficient validation of the account’s email address, which made it easier to exploit the issue and bypass the intended invite-only logic🔓. #BugBounty #bugbountytip #Hacking #InfoSec #CyberSecurity

@being__aman Great! 👏

@Bl4ckSec I reported this bug last year, interesting one😆

@Oluwakomiyo_ Yep

@Bl4ckSec You mean you could use thesame invitation code for multiple accounts?

لو مشوفتش حاجه حلوه النهارده تعالي اوريك البج دي FULL ACCOUNT WILL DIE 😉 بس ف VDP Program🦧 تم رجوع ميجاترون وستارسكريم للهنت يابشر☝🏻 خد اقرا ومتع عنيك😉❤️‍🔥 متجربش دا ف البيت لاحسن ال لاب يفرقع ف وشك😂❤️‍🔥 لينك الرايتب: @omaroymdm/full-account-will-die-ce9958bccb8b" target="_blank" rel="nofollow noopener">medium.com/@omaroymdm/ful… #megatron #starscream #bugcrowd

@SalhiMahdi72759 بالتوفيق ❤️

Salam Alaikum 👋 I launched a Telegram channel sharing real PoC videos, real bug bounty reports, and practical tips. 💰 $15 lifetime access If interested, DM me on Telegram... بارك الله فيكم 🤲 #bugbountytips #BugBounty #bugbountytip #Hacking #infosec

@ide9x بطل 😍👏

الحمدلله 🤍 My first Valid Critical report, A 0-Click ATO ✊ #BugBounty #InfoSec #CyberSecurity #BugHunting

@a7mad__n1 Congrats 👏

new bounty $$$🔥 Bug-type: Auth Bypass🫡 if you are interested to see real PoC, write ups,my google reports, self hosted programs, live bug hunting,and everything in Bug bounty, you can join my private channel,read details here t.me/a7madn1/141 #BugBounty #cybersecurity

@karanjagtiani04 Auth Analyzer

@Bl4ckSec Is there a way to automate this testing for similar vulnerabilities?

🔴 IDOR Vulnerability Missing validation of user's relationship with org_id. The system relies only on memoryId without verifying organization ownership. { "org_id": "152ace33-d28f-4c21-bb8a-0130fe64bb24", "memoryId": "9f3c2a41-7b8e-4d6a-a2f1-3e6c8d9b1a42" } Modify or delete other organizations' data by simply changing the memoryId. #BugBounty #bugbountytips #Hacking #infosec

@zbsogood It depends on the program's policy.

@Bl4ckSec i submitted few of these uuid idors but only got informative they argued there is no way for an attacker to obtain the id

@ElzgroW You can find endpoints that leak the UUID

@Bl4ckSec How u get uuid other user?

@bugoverfl0w He downgraded it

@Bl4ckSec Thanks, in your photo triaged with Critical

@nhyy_SA It depends on the program's policy.

@Bl4ckSec How was he accepted when he is a UUID?🧐

@Joyerz5 It only depends on memoryId.

@Bl4ckSec "Modify or delete other organizations' data by simply changing the memoryId." Need to change both org_id & memoryId, RIGHT?

@grandfathersaha I created a memory in a different account and replaced the ID

@Bl4ckSec How to change this memoryid?

@bugoverfl0w Medium severity.

@Bl4ckSec great, but why it is critical while UUID? and required PR Low or High?

@s7a6k I'm merely proving a validation failure.

@Bl4ckSec How you bro decrypting this id