Education Technology cybersecurity Web Application Security
It's Steiner254
It's Steiner254

@Steiner254

22 Tweets 4 reads Nov 13, 2022
Twitter
Day 0⃣4⃣/2⃣0⃣ -- [Hacking A Web Application Via Password Change Functionality]
➡️ Day 4, Hack A Web Application Via "Password Change Functionality"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips "No Resting Only Hacking!"
1/n
All about password reset vulnerabilities by @InfoSecComm
infosecwriteups.com
infosecwriteups.com
2/n
Password reset poisoning and web cache poisoning
skeletonscribe.net
www.skeletonscribe.net
3/n
SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE
forum.portswigger.net
forum.portswigger.net
4/n
CSRF on changing the password
hackerone.com
hackerone.com
5/n
Weak Password Reset Implementation - Token Leakage via Host Header Poisoning
@sathvika03/weak-registration-implementation-64c94c702a7c" target="_blank" rel="noopener" onclick="event.stopPropagation()">medium.com
medium.com
6/n
Weak Password Reset Implementation - Rather than generating a new password for the user, some applications will send the user their existing password. This is a very insecure approach, as it exposes their current password over unencrypted email.
7/n
Weak Password Reset Implementation - Token is Not Invalidated After Use
8/n
Password Reset token/link is not invalidated after use
youtube.com
9/n
10 Password Reset Flaws
anugrahsr.github.io
anugrahsr.github.io
10/n
Password link encoded in base64.
youtube.com
11/n
Reset password bypassing the current password.
youtube.com
12/n
Password Reset Link Leaked In Refer Header In Request To Third Party Sites
hackerone.com
hackerone.com
13/n
Account Takeover via Host Header Injection
securiumsolutions.com
securiumsolutions.com
14/n
Token leakage via Host Header Injection
vulners.com
vulners.com
15/n
Authentication vulnerabilities cheat sheet
cheatsheetseries.owasp.org
cheatsheetseries.owasp.org
16/n
Top 5 web app authentication vulnerabilities article
veracode.com
www.veracode.com
17/n
No Rate Limiting Leading to email flooding
hackerone.com
hackerone.com
18/n
Username Enumeration
hackerone.com
hackerone.com
19/n
“Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality
infosecwriteups.com
infosecwriteups.com
20/n
Remote Command Execution(RCE) Vulnerability PoC
youtube.com
n/n
Practice Makes Perfect!
Have a lovely weekend, Don't Drink & Drive!
Happy Hacking :)
See you here same time tomorrow!

Categories

Education Technology cybersecurity Web Application Security

Some tweets missing

Loading suggestions...