Account Takeover Methodology
Application Level DoS
Authentication Bypass
Broken-Link Hijacking
Broken Auth And Session Management
Finding CVEs
Web Page Source Code Review
EXIF Geo Data Not Stripped
File Upload Bypass
Find Origin IP
GraphQL
HTTP Desync Attack
Host-Header Attack
HTML-Injection
IDOR
JWT ATTACK
OAuth
SSTI
Sign Up Functionality
Tabnabbing
Weak Password Policy
Password Reset Token Leakage
Password Reset Token Leakage
Steps:
1.Sent a password reset request using forget password
2.Check your email
3.copy your reset page link and paste in another tab and make burp intercept on.
4.Look for every request if you find similiar token that is in reset link with other domain like: bat.bing.com or facebook.com
5.Than there is reset password token leakage.

Authors

Copy link