
How I Account Takeover via XSS 💡

1. Found XSS

  • found login page in /account/?jid=77877
  • jid parameter has no validation

![](20220830-1.png)

2. Escalate it to account takeover

![](20220830-2.png)

3. Get user & pass

  • Used Burp Collaborator

![](20220830-3.png)
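The root cause in step 1 is a query parameter reflected into the login page without validation or output encoding; once script runs on that page it can read whatever the user types into the form, which is what steps 2 and 3 exploit. The snippet below is an added illustration, not the affected site's code: a constructed login handler that reflects `jid` raw, beside a hardened version that allow-lists the value (the page shows it as a plain numeric id) and still encodes it for the attribute context.

```python
import html
import re

# Constructed stand-in for a login page that echoes ?jid= into its own HTML
# (added illustration, not the affected site's code).
LOGIN_TEMPLATE = (
    '<form method="post" action="/account/?jid={jid}">'
    '<input name="user"><input name="pass" type="password"></form>'
)

# jid appears on the page as an opaque numeric id, so the allow-list can be tight.
JID_RE = re.compile(r"[0-9]{1,12}")


def render_login_vulnerable(jid: str) -> str:
    """Root cause from step 1: the raw query-string value is reflected unchanged,
    so any markup in jid becomes part of the login page."""
    return LOGIN_TEMPLATE.format(jid=jid)


def jid_is_valid(jid: str) -> bool:
    """Input validation layer: only a short decimal id is accepted."""
    return JID_RE.fullmatch(jid) is not None


def encode_for_attribute(value: str) -> str:
    """Output encoding layer: neutralise quotes and angle brackets for an HTML
    attribute context. Kept separate so it still applies if the allow-list is
    loosened later (defence in depth)."""
    return html.escape(value, quote=True)


def render_login_hardened(jid: str) -> str:
    """Validate, then encode. The fix has to sit at the reflection point: script
    that runs on the login page can read anything the user types into the form."""
    if not jid_is_valid(jid):
        raise ValueError("jid must be a short decimal id")
    return LOGIN_TEMPLATE.format(jid=encode_for_attribute(jid))


# Constructed probe: enough to show attribute break-out, not a working payload.
PROBE = '77877"><b>'


def injected_tag_present(page: str) -> bool:
    """Demo check: did the probe's <b> survive in the page as a real tag?"""
    return "<b>" in page
```

`render_login_vulnerable(PROBE)` yields a page containing a live `<b>` tag, while the hardened handler rejects the probe outright and, even with validation skipped, the encoded value `77877&quot;&gt;&lt;b&gt;` stays inside the attribute.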

Credit

Based on Mohamed Tarek's write-up.

Support

You can follow me on Twitter or Buy Me A Coffee.
