Hey there,

I am Deepak Patidar and Netowork security engineer with 7 year of experience,

This is my first writeup about “ Account takeover without user interaction”

This vulnerability can be found on password reset page, basically this vulnerability can be based on token generated for password reset which is sent to registered email for reset the user password

— -Step to Reproduce —

  1. Go to password reset page.
  2. Enter victim email address (victim@site.com)
  3. Intercept the request in burp suite
  4. Right clicks and do intercept — Response to this request
  5. Turn off intercept and i found the token (eHIbdHdJkUknnjiFwvhiBbcsBjJj) which is used for reset the password for victim user (Copy Token), which is use to send victim mail address
  6. Now go to browser and use URL (https://www.site.com/reset-password?token= eHIbdHdJkUknnjiFwvhiBbcsBjJj)
  7. This is like a amazing feeling because i got New password page for this particular victim user without accessing victim email inbox.

I hope its easy reproducible steps to understand methodology.

Thank you

You can reach me at:

Linkedin — http://linkedin.com/in/itsdeepceh

Network Security Engineer