List: Account Takeover ATO | Curated by Sagar Sajeev

Nov 15, 2022

33 stories

6 saves

Account Takeover ATO
Sujay Hazra
Account Takeover via 2FA BypassHello Everyone , This is my first writeup
Aug 31, 2021
2
Aug 31, 2021
2
Avanish Pathak
An Account Takeover Vulnerability Due to Response Manipulation.- No doesn’t necessarily mean no.! Responses can always be manipulated
Jan 30, 2021
3
Jan 30, 2021
3
Rohit_443
Using Default Credential to Admin Account TakeoverHi, Everyone
Oct 2, 2022
1
Oct 2, 2022
1
Abdullah Mudzakir
Host Header Injection Leads To Account TakeoverHalo perkenalkan saya Abdullah Mudzakir disini saya akan memberikan Write up bagaimana 
saya menemukan celah Host Header Injection yang…
Sep 28, 2020
Sep 28, 2020
Abdullah Mudzakir
Account Takeover via OTP Leakage in HTTP ResponseHalo semuanya pada kesempatan kali ini saya ingin membagikan sebuah pengalaman saya ketika berburu Bug disalah satu Applikasi.
Dec 28, 2020
Dec 28, 2020
Abhishek
Password reset poisoning to ATO and OTP bypass.A common way to implement password reset functionality is to generate a secret token and send an email with a link containing the token…
Aug 1, 2020
2
Aug 1, 2020
2
Abhishek
Clickjacking to Account TakeoverClickjacking is an attack in which a user is tricked to click on something that he didn’t intend to, meaning an attacker could possibly…
May 28, 2020
2
May 28, 2020
2
 This story is no longer available
vikram naidu
Account takeover via stored xssHi everyone! This is Vikram Naidu, Bug bounty hunter from India. Hope you all are safe. This is my first writeup and it is about my recent…
Jul 29, 2021
1
Jul 29, 2021
1
Aditya Sharma
[$5K] Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO)Single click account takeover Write-up (Critical)
Aug 24, 2021
1
Aug 24, 2021
1
Xcheater
All about Account TakeoverAccount Takeover Methods
Feb 27, 2022
1
Feb 27, 2022
1
Kwadwo Amoako
Full Account takeover (ATO) — a tale of two bugs 🐛Hi everyone, I hope we’re all having a swell day. Before I jump into today's bug  report, I’d like to express my sincerest gratitude for…
Feb 8, 2022
3
Feb 8, 2022
3
Kwadwo Amoako
SSRF to a Full Account Takeover (ATO)Hello hackers!! today, I will be showing you how I performed an SSRF and Account Takeover attack, using host header injection. Let's get…
Mar 4, 2022
11
Mar 4, 2022
11
Abhisek R
Increasing impact of Information Disclosure — Full Account Takeover !Hey, I’m Abhisek. Back with another write up. This write up is based upon my bug hunting tactics of increasing impact of information…
Mar 26, 2021
1
Mar 26, 2021
1
Ashutosh mishra
Account Takeover via Response Manipulation worth 1800$..Bypassing Authenitcation Mechanism lead to account takeover worth 1800$
Feb 20, 2021
6
Feb 20, 2021
6
Mohsin khan
Full account takeover worth $1000 Think out of the boxHi everyone how are you doing today? I hope you are doing great and scoring lots of bounties. Today's story is about a bug I found on…
Feb 15, 2021
9
Feb 15, 2021
9
Sushmitha Katikitala
How I can take over any user’s account with their mobile numberHi everyone! Hope you all are healthy and safe. This is my first write-up on one of the findings in a private program where I was able to…
Sep 6, 2021
2
Sep 6, 2021
2
Tushar Sharma
P5 to P1: Intresting Account TakeoverHello Guys,
Jan 3, 2022
10
Jan 3, 2022
10
Vikash Maurya
Account Takeover + A Bonus VulnerabilityHello everyone, In the article I will explain how I was able to takeover any account of redacted.com. This attack is very much similar to…
Jul 18, 2021
1
Jul 18, 2021
1
Ramalingasamy
How can I takeover any account using only their email or mobile number.Hey guys,
Jul 19, 2021
1
Jul 19, 2021
1

Account Takeover ATO

Account Takeover via 2FA Bypass

Hello Everyone , This is my first writeup

An Account Takeover Vulnerability Due to Response Manipulation.

- No doesn’t necessarily mean no.! Responses can always be manipulated

Using Default Credential to Admin Account Takeover

Hi, Everyone

Host Header Injection Leads To Account Takeover

Halo perkenalkan saya Abdullah Mudzakir disini saya akan memberikan Write up bagaimana saya menemukan celah Host Header Injection yang…

Account Takeover via OTP Leakage in HTTP Response

Halo semuanya pada kesempatan kali ini saya ingin membagikan sebuah pengalaman saya ketika berburu Bug disalah satu Applikasi.

Password reset poisoning to ATO and OTP bypass.

A common way to implement password reset functionality is to generate a secret token and send an email with a link containing the token…

Clickjacking to Account Takeover

Clickjacking is an attack in which a user is tricked to click on something that he didn’t intend to, meaning an attacker could possibly…

Account takeover via stored xss

Hi everyone! This is Vikram Naidu, Bug bounty hunter from India. Hope you all are safe. This is my first writeup and it is about my recent…

[$5K] Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO)

Single click account takeover Write-up (Critical)

All about Account Takeover

Account Takeover Methods

Full Account takeover (ATO) — a tale of two bugs 🐛

Hi everyone, I hope we’re all having a swell day. Before I jump into today's bug report, I’d like to express my sincerest gratitude for…

SSRF to a Full Account Takeover (ATO)

Hello hackers!! today, I will be showing you how I performed an SSRF and Account Takeover attack, using host header injection. Let's get…

Increasing impact of Information Disclosure — Full Account Takeover !

Hey, I’m Abhisek. Back with another write up. This write up is based upon my bug hunting tactics of increasing impact of information…

Account Takeover via Response Manipulation worth 1800$..

Bypassing Authenitcation Mechanism lead to account takeover worth 1800$

Full account takeover worth $1000 Think out of the box

Hi everyone how are you doing today? I hope you are doing great and scoring lots of bounties. Today's story is about a bug I found on…

How I can take over any user’s account with their mobile number

Hi everyone! Hope you all are healthy and safe. This is my first write-up on one of the findings in a private program where I was able to…

P5 to P1: Intresting Account Takeover

Hello Guys,

Account Takeover + A Bonus Vulnerability

Hello everyone, In the article I will explain how I was able to takeover any account of redacted.com. This attack is very much similar to…

How can I takeover any account using only their email or mobile number.

Hey guys,

Sagar Sajeev