Hello Hunters!!!

This is Vibhurushi Chotaliya. I hope you guys are doing well… Today I want to share my recent finding on a Bugcrowd private program.

I found a 2FA Bypass. How??

Below is the application behaviour that will help us bypass 2FA.

Application Logic 1:

  1. In one browser, a user session was active.
  2. From a different browser, request a password reset (forgot password) for that user.
  3. I got the reset link, which held the same reset token as the current user session token, meaning the reset token and the session token were the same.
  4. Strange, right!!

Application Logic 2:

  1. After the password reset, the user…

Hello Hunters!!!

This is Vibhurushi Chotaliya. I hope you guys are doing well… Today I want to share my recent finding on a Bugcrowd private program.

I found an Unrestricted File Upload vulnerability….

Let’s Begin..

I got an email from bugcrowdninja.com (an on-behalf email), which we use for testing purposes, and I identified that the private program was launching their new portal with that email.

So after job hours I was just looking into that portal and found the upload functionality, where we can only upload specific project files, like on Mac/Windows if you want to install the app then…


Hello guys

This is Vibhurushi Chotaliya. I hope you guys are doing well… Today I want to share my cool finding on a Bugcrowd private program.

I found an IDOR vulnerability, through which I was able to commit a big money fraud against the company.

Let’s ROCK it…….

I got the scope update mail from the XYZ.com private program, then I started hunting and observed the functionality of the product and its transactions.

I added a product to the cart worth about 100001 MXN (Mexican Peso), then went to the address tab, then the transaction tab. They have a PayPal payment gateway. …


Hello guys

This is Vibhurushi Chotaliya. I hope you are doing well…

This post is about how I was able to bypass password protection when adding bank details and some other things.

POC:

  1. After login, when I add bank details on xyz.com, it asks me for my account password.
  2. So I entered the correct password and caught the request in Burp. I got a response like {"status":"success","data":{"message":"Authentication successful."}}
  3. Now I'm able to change my bank details.
  4. Again I re-logged in to my account; this time I entered a wrong password and caught the request in Burp. I got a response like {"status":"error","data":"Incorrect password. Please try again."}.
  5. Now you are thinking I changed the response and bypassed it… yes, you are right.
  6. Again I entered a wrong password, caught the request in Burp, and again got a response like {"status":"error","data":"Incorrect password. Please try again."}. Then I replaced it with this response {"status":"success","data":{"message":"Authentication successful."}} and bypassed the password protection.

Vibhurushi Chotaliya

Associate Security Engineer at Oracle + Bug Bounty Hunter
