How I chained multiple High-impact vulnerabilities to create a critical one.

Vinay Jagetiya (princej_76)
Mar 17, 2023

Hello Everyone!!! I am Vinay Jagetiya (princej_76) and I am back again with one of my most interesting findings.

I will explain how I found high-impact vulnerabilities and chained them to create a critical one.

Here we go!!!

Let's say the domain is ‘xyz.com’. I created an account and it created a subdomain of my username for my profile (username.xyz.com).

I logged in with my email and password, entered my mobile number and saved it. I got a link in my email to get my number verified.

The link was like ‘username.xyz.com/<token>’ (and the token was an integer like ‘xxxxxx’).

I thought to tamper with that token, so I changed it (incremented and decremented the token number).

After some 404 errors, at some tokens I got redirected to other users' subdomains for mobile verification.

I could now see the user's name, email ID, his/her subdomain address and phone number, with a button for mobile verification. I clicked on that button and it sent an OTP to the respective number. I didn't have access to the OTP, so I tried response manipulation and it worked: I changed the response in Burp Suite.

Then it redirected me to enter a new password. I entered a new password.

Now I had everything: his credentials, his profile subdomain, username.

So I logged in to the account(s) and I took over many user accounts, even suspended accounts, which I can reactivate by generating a ticket in the help center.

SUMMARY: Those were three high or critical vulnerabilities (PII, OTP bypass and Account takeover) chained together to form a mass account takeover without social engineering or user interaction.
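Each link in this chain has a server-side fix. The sketch below is an added example, not code from the affected application: `VerificationStore`, its method names and the TTL and retry limits are assumptions, and it shows an unguessable token bound to its owner, an OTP result recorded on the server, and a password change that requires that record.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 900      # seconds a verification link stays valid (assumed policy)
MAX_OTP_TRIES = 5    # wrong OTP guesses allowed per link (assumed policy)

def _key(token):
    return hashlib.sha256(token.encode()).hexdigest()  # store only a hash

class VerificationStore:
    """Hypothetical in-memory store; a real service would use its database."""
    def __init__(self):
        self._rows = {}

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        # Fix 1: 256-bit random token instead of a sequential integer.
        token = secrets.token_urlsafe(32)
        otp = f"{secrets.randbelow(10**6):06d}"
        self._rows[_key(token)] = {"user": user_id, "otp": otp, "tries": 0,
                                   "verified": False, "expires": now + TOKEN_TTL}
        return token, otp  # token goes in the e-mail link, OTP goes by SMS

    def _row(self, token, session_user, now):
        now = time.time() if now is None else now
        row = self._rows.get(_key(token))
        # Fix 2: the link resolves only for its logged-in owner, so a guessed
        # token never renders another user's name, e-mail or phone number.
        if row is None or row["user"] != session_user or now > row["expires"]:
            return None
        return row

    def check_otp(self, token, session_user, otp, now=None):
        row = self._row(token, session_user, now)
        if row is None or row["tries"] >= MAX_OTP_TRIES:
            return False
        row["tries"] += 1
        # Fix 3: the outcome is recorded server-side; the HTTP response the
        # client sees (and can edit in a proxy) is informational only.
        row["verified"] = hmac.compare_digest(row["otp"].encode(), otp.encode())
        return row["verified"]

    def set_password(self, token, session_user, new_password, now=None):
        row = self._row(token, session_user, now)
        if row is None or not row["verified"]:
            return False  # no stored proof of a correct OTP: refuse
        del self._rows[_key(token)]  # single use
        return True  # the caller would hash and store new_password here
```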

If you like the blog you can connect with me on

Twitter: https://twitter.com/princej_76

Linkedin: https://www.linkedin.com/in/vinay-jagetiya/

Written by Vinay Jagetiya (princej_76)

Security Researcher | Found 500+ vulnerabilities | HOF from 30+ Organizations.