Hello
Today I will tell you how I discovered an account takeover through insecure email verification.
I was randomly selecting a self-hosted program using the dork
I found one program which offers a bounty for P1, P2 and P3, so I decided to hunt on it. Let's call it abc.xyz.
I started enumerating the program's URLs from archive.org and collecting subdomains with subfinder. In the meantime, I decided to move on to manual testing, as I am better at it than recon.
So I started with account registration and created my account. I looked for the usual account takeover issues, like reset password flaws or data being leaked in responses, but found nothing. Then, at the end, I verified my account and noticed an email change feature in settings.
So I changed my email to a new address, but before doing this I requested a password reset link on the old email address. I changed my email and verified the account. After this I used the reset password link and noticed that the link worked without any error, and the password for the new email was changed without any error or anything.
So, using my old email's reset link, I changed the password for the new email.
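The flow above, modelled from the defender's side as an added example (not code from the program in this write-up): an in-memory account store run once without and once with reset-link revocation on email change. The class, function names and `example.test` addresses are constructed for illustration.

```python
import hashlib, secrets, time

RESET_TTL = 3600  # seconds (constructed value)

class Accounts:
    """In-memory stand-in for a user table and a reset-token table."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.users = {}   # user_id -> {"email", "password"} (plaintext only for the demo)
        self.tokens = {}  # sha256(token) -> {"user_id", "email", "expires"}

    def register(self, user_id, email, password):
        self.users[user_id] = {"email": email, "password": password}

    def request_reset(self, user_id):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = {"user_id": user_id,
                               "email": self.users[user_id]["email"],
                               "expires": time.time() + RESET_TTL}
        return token  # would be mailed to the address on file right now

    def change_email(self, user_id, new_email):
        self.users[user_id]["email"] = new_email
        if self.hardened:  # revoke every outstanding reset link for this user
            self.tokens = {d: t for d, t in self.tokens.items()
                           if t["user_id"] != user_id}

    def reset_password(self, token, new_password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        rec = self.tokens.pop(digest, None)  # single use
        if rec is None or rec["expires"] < time.time():
            return False
        user = self.users[rec["user_id"]]
        # Second check: the link is only valid for the address it was mailed to.
        if self.hardened and rec["email"] != user["email"]:
            return False
        user["password"] = new_password
        return True

def replay(hardened):
    """Request reset -> change email -> use the old link, as in the write-up."""
    app = Accounts(hardened)
    app.register(1, "old@example.test", "pw-original")
    old_link = app.request_reset(1)
    app.change_email(1, "new@example.test")
    accepted = app.reset_password(old_link, "pw-from-old-link")
    return accepted, app.users[1]["password"]
```

`replay(False)` reproduces the reported behaviour, while `replay(True)` shows the old link rejected and the password unchanged.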
I reported the issue to the team and within 1 day I got a response from them.
I got a bounty for reporting this issue to them.
Thank you for reading. If you enjoyed it, clap 50 times.
Connect with me
Linkedin: https://www.linkedin.com/in/jeet-pal-22601a290/
Instagram: https://www.instagram.com/jeetpal.2007/
X/Twitter: https://x.com/Mr_mars_hacker