Biscuit's Bug Bounty Playbook
  • ๐Ÿ‘‹Introduction to Biscuit's Bug Bounty Playbook
  • Mains
    • ๐ŸงพResume For Cyber Security Freshie
    • ๐Ÿ“—Browser extension
    • ๐Ÿ“€POC Videos YT Channel
    • ๐Ÿ“บ55 YouTube Channels To Learn Hacking
    • ๐Ÿ‘€Hackers to Follow on Social Media
      • Twitter
      • Medium
      • YouTube
      • GitHub
      • Discord Server
      • Security GitBooks
    • ๐Ÿ…Learn The Basics
      • ๐ŸŽ–๏ธType Of Cyber Security
      • ๐ŸฅˆCommon Job Roles
      • ๐Ÿฅ‰Get Started With InfoSec
      • โš•๏ธBest Bug Bounty Platform
      • ๐Ÿ—ž๏ธBest InfoSec Writeups Website
      • ๐ŸชHacking Books
      • ๐Ÿฅ‚CLI Commands
      • ๐Ÿ’ฟLearn WSL
    • ๐Ÿง‘โ€๐Ÿ’ปFun Programming Codes
    • ๐Ÿ”ฎBuild your own Bug Bounty Methodology
    • ๐ŸŽดBug Bounty Checklist
  • Bug Bounty Reports & Articles
    • 0๏ธโƒฃIndex
    • 1๏ธโƒฃTakeover's (Accounts, Sub-domains, etc)
      • ๐ŸšกSub Domain Takeover
      • ๐Ÿš Account Takeover
      • ๐ŸšŸdependency confusion vulnerability
    • 2๏ธโƒฃIDOR (Indirect Object Reference)
    • 3๏ธโƒฃLeaks & Disclosure (PII, API Key, etc)
    • 4๏ธโƒฃOpen Redirects
    • 5๏ธโƒฃRequest Forgery (CSRF & SSRF)
      • ๐ŸŸขCSRF
      • ๐Ÿ”ดSSRF
    • 6๏ธโƒฃInjections (HTML, XSS, etc)
      • ๐ŸŸกXSS
      • ๐ŸŸ HTML Injection
      • ๐ŸŸฃCR/LF Injection
      • ๐ŸŸขSSTI
    • 7๏ธโƒฃBroken Access Control & Broken Authentication
      • โš™๏ธFile Upload Functionality
      • โš™๏ธPassword Reset Functionality
      • โš™๏ธ2FA Functionality
      • โš™๏ธOauth Functionality
      • โš™๏ธBypassing
      • โš™๏ธMisconfiguration
    • 8๏ธโƒฃWeb Socket
    • 9๏ธโƒฃMiscellaneous Reports
    • 0๏ธCloud
      • ๐ŸŒฉ๏ธAWS S3
    • 1๏ธLow Hanging Fruits
    • 2๏ธCache Poising
    • 3๏ธDOS/DDOS
  • Bug Bounty Platforms
    • ๐Ÿ›BugCrowd
    • ๐ŸžHackerOne
    • ๐ŸชฒIntigriti
    • ๐ŸœOpen Bug Bounty
  • Exploiting Technologies
    • 0๏ธโƒฃIntroduction
    • 1๏ธโƒฃWordpress
    • 2๏ธโƒฃGraphQL API
    • 3๏ธโƒฃIDOR Vulnerability
    • Learn Android Hacking
Powered by GitBook
On this page
  1. Bug Bounty Reports & Articles
  2. Takeover's (Accounts, Sub-domains, etc)

Account Takeover

PreviousSub Domain TakeoverNextdependency confusion vulnerability

Last updated 6 months ago

1๏ธโƒฃ
๐Ÿš 
LogoPre account takeoverMedium
LogoOauth Misconfiguration Leads to 0-Click ATOMedium
LogoHow I Earned $1800 for finding a (Business Logic) Account Takeover Vulnerability?Medium
LogoAccount (of the CEO) Takeover via Password ResetMedium
LogoAccount Takeover via Email ConfirmationMedium
LogoAccount Takeover via Weak OTPMedium
Logo[Account Take Over] through reset password token leaked in response, 2500 โ‚ฌ RewardInfoSec Write-ups
Logo5 Ways to do ATO in a Single WebsiteMedium
LogoAccount takeover in cups.mail.ruqwerty
LogoU.S. Dept Of Defense disclosed on HackerOne: Password Reset link...HackerOne
LogoMail.ru disclosed on HackerOne: Account takeover through password...HackerOne
LogoUPS VDP disclosed on HackerOne: Admin Authentication Bypass Lead to...HackerOne
LogoPII Leakage via IDOR + Weak PasswordReset = Full Account TakeoverInfoSec Write-ups
Logo0 Click Account takeoverMedium