Pre-Account Take Over to Full Account Take Over


1-ثبت نام با ایمیل قربانی و شماره تماس هکر یا بلعکس(ایمیل هکر شماره تماس قربانی)
-2 تنظیمات پروفایل وفعالسازی متد های لاگین با هر دو مورد(email+phone number)
3-قربانی در صورت ثبت نام با پیغام قبلا ثبت نام کرده ایید مواجه میشود و درصورت ریست پسورد وی ما میتوانیم با شماره یا ایمیلی که ثبت نام کرده اییم حساب وی را تصاحب کنیم.

https://pihunter.net/iranbugbounty/
این یک پست خوب برای دوستانیه‌ دوست دارند روی برنامه های ایرانی فعالیت کنن
زحمت این پست رو مهدی کشیده

امروز اختتامیه دومین رویداد باگ پارتی امسال بود که خدارو شکر با همکاری دوستان تونستیم مقام دوم رو کسب‌کنیم
خیلی خوبه که چند وقت یکبار جمع میشیم‌ دور هم و باهم هم صحبت میشیم🤝❤️
اینم بمونه به یادگار

https://www.ompfinex.com/bug-bounty
سلام دوستان برنامه باگ بانتی صرافی ompfinex لانچ شد
میتونید با مشاهده قوانین در مسابقه شرکت کنین
رنج بانتی خیلی خوبی هم داره

کامنتا خداست😂😂

سلام به همه عزیزان در هفته چهل و دوم از برنامه GO-TO CVE به اسیب پذیری RCE روی یکی محصولات معروف به نام SharePoint پرداخته ایم.

📱 Week: 42
🔍 CVE: CVE-2019-0604
💻 Type: 🏹Remote Code Execution
🛠 CMS: SharePoint

Top 25 Bug Bounty Platform

01. Bugcrowd
02. HackerOne
03. Intigriti
04. YesWeHack
05. Synack, Inc.
06. HackenProof | Web3 bug bounty platform
07. Open Bug Bounty
08. Immunefi
09. Cobalt
10. Zerocopter
11. Yogosha
12. SafeHats
13. Vulnerability Research Labs, LLC
14. AntiHACKme Pte Ltd
15. RedStorm Information Security
16. Cyber Army Indonesia
17. Hacktrophy
18. Nordic Defender
19. Capture The Bug
20. Bugbounter
21. Detectify
22. BugBase
23. huntr
24. Pentabug
25. SecureBug

Happy new year 🎈🎊
More 🐞 more 💵

Authentication Weakness Leading to Persistent Account Takeover

Introduction:
I discovered a critical security weakness in the authentication system of a digital service that allows attackers to gain persistent control over user accounts. This vulnerability exists due to flaws in the authentication process and session management.

Vulnerability Explanation:
The service offers a quick login feature using QR code scanning, designed to simplify user experience. However, I tested this mechanism and found that it does not require user confirmation, making it possible for an attacker to hijack an account with minimal effort.

Exploitation Steps:
1. I opened the login page of the service.
2. A new QR code was generated, containing a login link specific to the user (with a format like https://target.com/device/XXXXXX).
3. I extracted the link and sent it to the victim.
4. Once the victim opened the link, they unknowingly granted me access to their account.

More Critical Aspects of the Vulnerability:
- After a successful login, the authentication token assigned to the victim’s account remained valid even after they logged out of the main platform.
- This token could also be used on the primary service, leading to a full and persistent account takeover.
- The session management system was not properly implemented, meaning the victim had no way to forcefully terminate the attacker’s access.

Conclusion & Recommendations:
This vulnerability has severe implications for user privacy and security. To mitigate this issue, the following measures should be implemented:
- Adding an additional confirmation step before granting access via QR code (such as email or SMS verification).
- Invalidating authentication tokens upon user logout.
- Implementing an effective session management system that allows users to terminate all active sessions.
- Restricting authentication tokens to specific services only.

I tested this vulnerability and confirmed that without a proper fix, attackers can easily hijack user accounts and maintain unauthorized access.


more:
t.me/rootdr_research

New Tool Release: ex-redirect – Automated Open Redirect Finder

https://github.com/rootDR/ex-redirect

I'm excited to announce the release of ex-redirect, a powerful tool designed to help you identify open redirect vulnerabilities using archived URLs from the Wayback Machine.

Key Features:
- Scans historical URLs for potential open redirects
- Supports subdomain enumeration
- Filters out WordPress-related paths
- Option to check for live URLs
- Saves results organized by subdomain

Usage:

python ex-redirect.py -t example.com -s -l -wp

- -t: Specify the target domain
- -s: Include subdomains in the scan
- -l: Check if the URLs are live
- -wp: Exclude WordPress-related paths

Output:
Results are saved in a directory named after the target domain, with separate files for each subdomain containing potential open redirect URLs.

Author: rootdr
Twitter: @R00TDR
Telegram: https://news.1rj.ru/str/RootDr

Feel free to share your feedback and contributions!