Email Confirmation Bypass | Pre Account Takeover

Vikas Srivastava
Jan 13, 2021

Hi Friends,

whoami : Vikas Srivastava 🇮🇳

This is my first writeup, a breakdown of my finding.

The target was an emerging Indian startup [ alias~target ]. Believe me, we Indians feel happier securing our nation's assets.

Brief:

The target had a signup page, and I provided an email to proceed.

As usual, I received an email confirmation, and I noticed a numerical value in the activation link:

[ https://www.target.com/account/activation/27416 ]

I quickly registered another account, and now the activation link was:

[ https://www.target.com/account/activation/27417 ]

Maybe this number identifies the number of users associated with the portal.

Unlike the activation links, the password reset links were secured, though. [ Random Tokens ]

Note: The website won't allow us to log in unless we activate the account using those links.

Impact:

On successive account creation, the activation link is easily guessable to an attacker, so he/she can create an account with the victim's email and bypass email confirmation.

Impact can differ upon logical thinking.
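The fix implied by the contrast with the password reset links is to give activation links the same kind of random token. The sketch below is an added example, not code from the target or from this writeup: the `ActivationStore` class, the 24-hour lifetime and the in-memory storage are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600  # assumed validity window, not from the writeup


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ActivationStore:
    """In-memory stand-in for a pending-activations table (hypothetical)."""

    def __init__(self):
        self._pending = {}   # sha256(token) -> (email, expires_at)
        self.active = set()  # emails whose ownership has been confirmed

    def issue(self, email, now=None):
        """Create a pending activation and return the token to email out."""
        now = time.time() if now is None else now
        # Drop any earlier pending token for the same address.
        self._pending = {d: r for d, r in self._pending.items() if r[0] != email}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the hash is stored, so a database leak does not expose live links.
        self._pending[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
        return token

    def activate(self, token, now=None):
        """Return the activated email, or None if the token is unknown or expired."""
        now = time.time() if now is None else now
        record = self._pending.pop(_digest(token), None)  # single use
        if record is None:
            return None
        email, expires_at = record
        if now > expires_at:
            return None
        self.active.add(email)
        return email


def activation_url(token):
    # Path layout mirrors the writeup's link; target.com is the author's alias.
    return "https://www.target.com/account/activation/" + token
```

With this scheme, the token a person receives for their own signup tells them nothing about the token issued to the next account, which is the property the numeric links lacked.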

Now the challenge was how to make the owners aware of this flaw, since the target did not have Responsible Disclosure. I tried googling and luckily found a Twitter contact [ Co-Founder ].

Thank you! God bless! Respect Parents

#Hack4u
