Dancylove
  • Home
  • General news
    10 TEST TO HELP YOU FIND A career that suits you

    10 TEST TO HELP YOU FIND A career that suits you

    The threshold for human ear sounds. How much can you hear?

    The threshold for human ear sounds. How much can you hear?

    How to fix vcruntime140.dll is Missing Error on Windows

    How to fix vcruntime140.dll is Missing Error on Windows

    A small tool that disables dangerous Windows features

    A small tool that disables dangerous Windows features

    Basic User Mistakes About CPU ???

    Basic User Mistakes About CPU ???

    The world’s largest forum announced the number of daily users for the first time

    The world’s largest forum announced the number of daily users for the first time

    In which, on which, for which, of which is what? Distinguish

    In which, on which, for which, of which is what? Distinguish

    What is look like, look for, look to, be like & How to use

    What is look like, look for, look to, be like & How to use

  • Technology tips
    10 TEST TO HELP YOU FIND A career that suits you

    10 TEST TO HELP YOU FIND A career that suits you

    The threshold for human ear sounds. How much can you hear?

    The threshold for human ear sounds. How much can you hear?

    How to fix vcruntime140.dll is Missing Error on Windows

    How to fix vcruntime140.dll is Missing Error on Windows

    A small tool that disables dangerous Windows features

    A small tool that disables dangerous Windows features

    Basic User Mistakes About CPU ???

    Basic User Mistakes About CPU ???

    The world’s largest forum announced the number of daily users for the first time

    The world’s largest forum announced the number of daily users for the first time

    In which, on which, for which, of which is what? Distinguish

    In which, on which, for which, of which is what? Distinguish

    What is look like, look for, look to, be like & How to use

    What is look like, look for, look to, be like & How to use

  • Software
  • Home
  • General news
    10 TEST TO HELP YOU FIND A career that suits you

    10 TEST TO HELP YOU FIND A career that suits you

    The threshold for human ear sounds. How much can you hear?

    The threshold for human ear sounds. How much can you hear?

    How to fix vcruntime140.dll is Missing Error on Windows

    How to fix vcruntime140.dll is Missing Error on Windows

    A small tool that disables dangerous Windows features

    A small tool that disables dangerous Windows features

    Basic User Mistakes About CPU ???

    Basic User Mistakes About CPU ???

    The world’s largest forum announced the number of daily users for the first time

    The world’s largest forum announced the number of daily users for the first time

    In which, on which, for which, of which is what? Distinguish

    In which, on which, for which, of which is what? Distinguish

    What is look like, look for, look to, be like & How to use

    What is look like, look for, look to, be like & How to use

  • Technology tips
    10 TEST TO HELP YOU FIND A career that suits you

    10 TEST TO HELP YOU FIND A career that suits you

    The threshold for human ear sounds. How much can you hear?

    The threshold for human ear sounds. How much can you hear?

    How to fix vcruntime140.dll is Missing Error on Windows

    How to fix vcruntime140.dll is Missing Error on Windows

    A small tool that disables dangerous Windows features

    A small tool that disables dangerous Windows features

    Basic User Mistakes About CPU ???

    Basic User Mistakes About CPU ???

    The world’s largest forum announced the number of daily users for the first time

    The world’s largest forum announced the number of daily users for the first time

    In which, on which, for which, of which is what? Distinguish

    In which, on which, for which, of which is what? Distinguish

    What is look like, look for, look to, be like & How to use

    What is look like, look for, look to, be like & How to use

  • Software
No Result
View All Result
Dancylove
No Result
View All Result
Home Technology tips

How to hack the Reset Password feature on the Website to gain User rights

How to hack the Reset Password feature on the Website to gain User rights

by admin
June 21, 2022
in Technology tips
463 30
0
How to hack the Reset Password feature on the Website to gain User rights

How to hack the Reset Password feature on the Website to gain User rights

740
SHARES
3.5k
VIEWS
Share on FacebookShare on Twitter

 

This article is about a vulnerability that Tameem Khalid, a cybersecurity researcher and security analyst, exploited and poisoned the password reset (Reset Password) feature.

>> How to hack Bypass AntiVirus on your computer

>> How to Use HTML to Hack Websites – HTML INJECTION

Contents

  • 1. Poisoning the Reset Password feature?
  • 2. Attack scenario
  • 3. Conclusion

1. Poisoning the Reset Password feature?

Poisoning the Reset Password feature is a technique that helps attackers manipulate a vulnerable website to create a reset password link pointing to their domain. This behavior can be used to steal the secret tokens needed to reset a user’s password and ultimately compromise their account.

For the privacy of the application, I will take the redacted.com website as an example. Like every other web app, it has a password reset feature. So I’m going to start mining it.

This is one of those great checklists you can check out while hunting. https://github.com/harsh-bothra/HowToHunt

After analyzing the request, I only noticed an unnecessary parameter named “callback”. Request as below:

 We need to look at this request for a bit. And now you know what to do, right?

I changed the parameter value “callback” to the payload of Burp Collaborator and checked if it was executed. And the result is like this:

Burp Collaborator’s payload has been executed and the reset password link has been changed with the token. When the victim clicks on this link, the password reset token is sent to the attacker’s server.

2. Attack scenario

  • The attacker obtains the victim’s email address or username on request and sends a password reset request on their behalf. When submitting the form, they intercept the HTTP request and modify the “Callback” parameter so that it points to a domain they control. For this example, I used Burp Collaborator.
  • Victims receive a master password reset email directly from the website. It contains a link to reset their password and, importantly, a valid password reset token associated with their account. However, the domain in the URL points to the attacker’s server: https://7iq969dpiaezim94zc2qtknodfj57u.burpcollaborator.net/k1NMNAoPAUJA5U2NqvgejuAUvZJR182UJyA4MXJfLWtIMIUCtpZEMogQUstW
  • If the victim clicks on this link (or it is fetched in some other way, such as by an anti-virus scanner), a password reset token is sent to the attacker’s server.
  • The attacker can now visit the actual URL of the vulnerable website and provide the victim’s stolen token via the corresponding parameter. They will then be able to reset the user’s password to whatever they like and log into their account.

3. Conclusion

Hacking with the Reset Password feature is one of those attacks that is more practical than theoretical, often used as in bug bounty programs. Web developers should consider creating a whitelist of trusted domains during the initial setup of the application.

Previous Post

What is Web5?

Next Post

How to text iMessage on Android and Windows

admin

admin

Next Post
How to text iMessage on Android and Windows

How to text iMessage on Android and Windows

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular

  • How to take advantage of Google Colab as a free VPS

    How to take advantage of Google Colab as a free VPS

    1251 shares
    Share 500 Tweet 313
  • How to fix m.youtube keep showing as mobile version on a PC browser?

    1075 shares
    Share 430 Tweet 269
  • PoC CVE-2021-40444 – Attach Virus to Word File

    740 shares
    Share 296 Tweet 185
  • Install Windows 10 on Google Cloud (updated 03/2021)

    925 shares
    Share 370 Tweet 231
  • 4 super convenient and extremely convenient tips on Windows 10 you may not know

    939 shares
    Share 376 Tweet 235

About

  • Home
  • Contact
  • About
  • Policy

Recent hot posts

  • API Security 101: Injection
  • Tool InstallerFileTakeOver escalates Admin privileges on Windows 10/11
  • PoC CVE-2021-40444 – Attach Virus to Word File
  • DDosify – Website DDoS load testing tool
  • How to install Windows 11 without a Microsoft account with Rufus
July 2022
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Jun    

My blog is a place to share technology tips, best tips. Please follow and support me.

DMCA.com Protection Status

© 2022 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • Home
  • General news
  • Technology tips
  • Software

© 2022 JNews - Premium WordPress news & magazine theme by Jegtheme.

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In