I’m Hemant Patidar, a final-year B.Tech Civil Engineering student at SRMIST, Chennai.
A Civil Engineer, Cyber Security Enthusiast, and a Bug Bounty Hunter by night.
When Ritesh Gohil and I were doing a password reset of our own account, we noticed that the password reset link sent to our email contained a token which was a five-digit number.
Later on, we came to the conclusion that when doing a password reset for two different users (i.e. Accounts A and B) consecutively, the server assigns both users tokens that are consecutive numbers…
Today I got a message from an unknown person regarding a job opportunity via LinkedIn.
Profile of the person from whom I got the below message: https://www.linkedin.com/in/masayukimikami/
When I opened the link I was redirected to the below page.
This is my first writeup.
Today I will share the write-up of my first accepted bug in Google, which is in “Google Cloud Partner Advantage Portal”, where I was able to modify personal details for a victim account via Broken Authentication.
If the login functionality of your application can be subverted or bypassed in some way, this is referred to as broken authentication. This is such a common issue that broken authentication is an entry in the Open Web Application Security Project (OWASP) top ten web application vulnerabilities list.
Let's get straight to the bug. When I was trying to do…