Project 2510: Bug Bounty Challenge — Day 18/25

Wallotry
Nov 23, 2023


Welcome to Day 18.

Just as I thought I was reaching the end of my target asset without any vulnerabilities discovered (I knew it would be a challenging opponent), I ran into an interesting function. I don't want to give away too much information because that would violate the policy, but I'll share as much as I safely can. This function allows you to log in to any one of your accounts, but that wasn't interesting to me. What was interesting was the fact that one of the requests only sent an ID value without any password. I recognized this value because I've run into it before, but it had no password this time, and red lights went off in my head. I spent all the time I had for hacking today on this function. As of now, I've only discovered a pre-registration account takeover. I'm honestly not sure how good this is for me to report and guarantee a bounty reward, because I can already see possible scenarios in which it can be accepted or rejected, but for now that won't be my focus. My focus will be on this function and all it has to offer me. I'll be trying my best to break, hack, and do whatever I possibly can to abuse it, and hopefully on the other side of all that work, vulnerabilities await me :)

Thank you for taking the time to read through my post. Take care.

For updates — Twitter: https://twitter.com/wallotry/

To send me private program invites — HackerOne: https://hackerone.com/wallotry
