This repository documents a critical vulnerability found in the forgot password functionality of the website sandeepsappal.in. The vulnerability allows for account takeover using only the victim's email ID. This security flaw is severe as it permits unauthorized access to user accounts, which could lead to sensitive data breaches.
-
Open the Website:
- Navigate to sandeepsappal.in.
-
Initiate Forgot Password:
- Use the "Forgot Password" functionality.
- Enter the victim's email ID.
-
Intercept the Request:
- Use Burp Suite (Proxy intercept) to intercept the request.
- Observe that the password reset link is exposed during interception.
-
Copy and Paste the Link:
- Copy the reset link from the intercepted request.
- Paste the link into another browser window or tab.
-
Change the Password:
- Follow the link and change the password successfully.
-
Login to the Victim's Account:
- Use the new password to log in to the victim's account.
The vulnerability was demonstrated with the consent of a friend, Naveen Mittal. The following steps were taken:
- Initiated a password reset for Naveen Mittal's account.
- Intercepted the password reset link using Burp Suite.
- Changed the password successfully.
- Logged into Naveen Mittal's account using the new password.
This vulnerability allows an attacker to take over any user's account by simply knowing their email ID. This can lead to unauthorized access to sensitive information, data theft, and potential misuse of account privileges.
To address this vulnerability, the following steps should be taken:
- Encrypt Password Reset Links: Ensure that password reset links are encrypted and valid only for a short duration.
- Verify User Identity: Implement additional verification steps, such as security questions or two-factor authentication, before allowing a password reset.
- Log and Monitor: Regularly monitor logs for unusual password reset activities and alert users of suspicious behavior.
- Secure Communication: Use secure communication protocols to protect the transmission of sensitive information.
Thank you for taking the time to read through this documentation. Let's work together to make the web a safer place! Happy hacking! ๐๐
Disclaimer: This document is for educational purposes only. Exploiting security vulnerabilities without proper authorization is illegal and unethical.
This project is licensed under the MIT License. See the LICENSE file for details.