Hi everyone, how are you doing today? I hope you are doing great and scoring lots of bounties. Today's story is about a bug I found on a public disclosure program which allowed me to take over any user's account. It was a P4 issue, but I didn’t report it and chained it to P1. Without further ado, let’s start.
I don’t have permission to disclose target information, so let’s call it example.com. It was a normal website. There is not much functionality: you can create an account, log in, change password, etc.
As always I create 2 accounts. I first…
Hi everyone, I hope you all are doing great and scoring lots of bounties. I am Mohsin Khan, I am from India, and I have been doing bug bounty full time for 1 year now. I found lots of bugs in the last year.
Today I am sharing one of my findings, which allowed me to take over all users' accounts. It was an out-of-scope domain bug, but they paid me a bounty ❤. Without further ado, let’s start.
It was a private program and I don’t have permission to disclose any information about the target so let’s call it example.com…