Account Take Over via Forgot Password Function

  Рет қаралды 7,773

TraceTheCode

TraceTheCode

2 жыл бұрын

Forgot Password function allows the application users to reset their password if they forgot their account password. If a web application doesn’t implement a secure forgot password function this would allow an attacker to reset the application users password and take over their account. During this video we look at this scenario in action.
NOTE: This video is made ONLY for educational purposes and to help developers and security researchers to enhance their security knowledge. Therefore, allowing them remediate potential vulnerabilities in their OWN applications.
Web Security Academy | Lab: Password reset broken logic:
portswigger.net/web-security/...
Twitter: / tracethecode

Пікірлер: 16
@DoctorWEED-
@DoctorWEED- 2 ай бұрын
its a perfect metod to learn
@tigreonice2339
@tigreonice2339 2 жыл бұрын
Gracias por compartir tus conocimientos
@TraceTheCode
@TraceTheCode 2 жыл бұрын
My Pleasure!
@tiwister8773
@tiwister8773 9 ай бұрын
thanks
@SohagAfsar
@SohagAfsar Жыл бұрын
You are the best brother. Take Love😍😍💞💞💞
@TraceTheCode
@TraceTheCode Жыл бұрын
Thanks.
@GameWithSNAKE
@GameWithSNAKE 2 жыл бұрын
Thanks for knowledge ❤️
@TraceTheCode
@TraceTheCode 2 жыл бұрын
My pleasure 😊
@Ashton.Rblx-
@Ashton.Rblx- 9 ай бұрын
How do i get burp suite for free?
@Lacunna
@Lacunna 2 жыл бұрын
When I send it, It says bad request how to fix that
@Lacunna
@Lacunna 2 жыл бұрын
It say in the response tab “invalid csrf token (session does not contain a csrf token)” but when I remove it it says missing parameter
@TraceTheCode
@TraceTheCode 2 жыл бұрын
If that's the case for you, I suggest to follow these steps 1)request a new password reset link 2) Click on the PW reset link in the email inbox 3) turn on burp intercept 4) choose the new password in the forgot password page 5) submit the request 6) go to the captured request in Burp and change the username parameter value to carlos and forward the request.
@tigreonice2339
@tigreonice2339 2 жыл бұрын
If my pc has malware and I reset or format the pc, will the malware be deleted? I Deleted the file and from the trash. Will I be able to format the pc and be calm?
@freedom4all931
@freedom4all931 2 жыл бұрын
No
@tigreonice2339
@tigreonice2339 2 жыл бұрын
@@freedom4all931 what can I do? No I cant see the file and none antivirus detected it
@youtubee4817
@youtubee4817 Жыл бұрын
@@tigreonice2339 destroy it and change hd.
Two Factor Authentication(2FA) Bypass Using Brute-Force Attack
10:30
Two Factor Authentication(2FA) Bypass Using Brute-Force Attack
TraceTheCode
Рет қаралды 36 М.
Authentication Bypass via Insecure Deserialisation
10:17
Authentication Bypass via Insecure Deserialisation
TraceTheCode
Рет қаралды 1,1 М.
Heartwarming Unity at School Event #shorts
00:19
Heartwarming Unity at School Event #shorts
Fabiosa Stories
Рет қаралды 25 МЛН
Alex hid in the closet #shorts
00:14
Alex hid in the closet #shorts
Mihdens
Рет қаралды 18 МЛН
哈莉奎因以为小丑不爱她了#joker #cosplay #Harriet Quinn
00:22
哈莉奎因以为小丑不爱她了#joker #cosplay #Harriet Quinn
佐助与鸣人
Рет қаралды 8 МЛН
Best Toilet Gadgets and #Hacks you must try!!💩💩
00:49
Best Toilet Gadgets and #Hacks you must try!!💩💩
Poly Holy Yow
Рет қаралды 22 МЛН
Forgot Password Logic - Explained
11:45
Forgot Password Logic - Explained
The Full Stack Junkie
Рет қаралды 10 М.
My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs
9:53
My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs
Bug Bounty Reports Explained
Рет қаралды 22 М.
Authentication Vulnerabilities - Lab #11 Password reset poisoning via middleware | Short Version
8:14
Authentication Vulnerabilities - Lab #11 Password reset poisoning via middleware | Short Version
Rana Khalil
Рет қаралды 3,3 М.
How Hackers Bruteforce Account Passwords on a Login Page
18:15
How Hackers Bruteforce Account Passwords on a Login Page
Maythom
Рет қаралды 4,5 М.
Password Reset Poisoning | Host Header Injection
6:33
Password Reset Poisoning | Host Header Injection
TraceTheCode
Рет қаралды 5 М.
Secure Your Self-Hosted Network with Wazuh
21:49
Secure Your Self-Hosted Network with Wazuh
Techdox
Рет қаралды 97 М.
Where People Go When They Want to Hack You
34:40
Where People Go When They Want to Hack You
CyberNews
Рет қаралды 1,4 МЛН
Authentication Vulnerabilities - Lab #6 Broken brute-force protection, IP block | Short Version
14:09
Authentication Vulnerabilities - Lab #6 Broken brute-force protection, IP block | Short Version
Rana Khalil
Рет қаралды 5 М.
Two Factor Authentication(2FA) Bypass | 2FA Broken Logic
7:47
Two Factor Authentication(2FA) Bypass | 2FA Broken Logic
TraceTheCode
Рет қаралды 7 М.
Bug Bounty POC - Account takeover (reset password token leaked in referrer header)
3:02
Bug Bounty POC - Account takeover (reset password token leaked in referrer header)
Bug Bounty Videos
Рет қаралды 864
ЧТО ЭТО За Флешки Замурованные в СТЕНЕ? #shorts
0:53
ЧТО ЭТО За Флешки Замурованные в СТЕНЕ? #shorts
Bubble™
Рет қаралды 7 МЛН
Как бесплатно замутить iphone 15 pro max
0:59
Как бесплатно замутить iphone 15 pro max
ЖЕЛЕЗНЫЙ КОРОЛЬ
Рет қаралды 8 МЛН
Функция, которая позволяет чужому человеку получить доступ к вашему iPhone 📵Советуем отключить её🧡
0:37
Функция, которая позволяет чужому человеку получить доступ к вашему iPhone 📵Советуем отключить её🧡
KingStore_astrakhan
Рет қаралды 5 МЛН
Ba Travel Smart Phone Charger
0:42
Ba Travel Smart Phone Charger
Tech Official
Рет қаралды 1,2 МЛН
Запись звонков на iPhone, Apple Intelligence и новая Siri! Обзор iOS 18.1 (beta 1)
12:20
Запись звонков на iPhone, Apple Intelligence и новая Siri! Обзор iOS 18.1 (beta 1)
ProTech
Рет қаралды 86 М.
Мой новый мега монитор!🤯
1:00
Мой новый мега монитор!🤯
Корнеич
Рет қаралды 907 М.
Это - iPhone 16!
16:29
Это - iPhone 16!
Rozetked
Рет қаралды 430 М.