{"id":2591,"date":"2019-08-17T03:04:08","date_gmt":"2019-08-16T21:34:08","guid":{"rendered":"https:\/\/ninadmathpati.com\/?p=2591"},"modified":"2020-09-13T06:39:21","modified_gmt":"2020-09-13T06:39:21","slug":"how-i-was-able-to-earn-1000-with-just-10-minutes-of-bug-bounty","status":"publish","type":"post","link":"https:\/\/ninadmathpati.com\/hi\/2019\/08\/17\/how-i-was-able-to-earn-1000-with-just-10-minutes-of-bug-bounty\/","title":{"rendered":"How I was able to earn 1000$ with just 10 minutes of bug bounty?"},"content":{"rendered":"

Hello, Guys, I m back with a new blog on bug bounty, I found this bug recently on independent bug bounty program, thought of sharing it.<\/p>\n\n\n\n

So here I would like to share how I got 1000$ with just 10 minutes of bug hunting,<\/p>\n\n\n\n

here you will get to know the importance of client-side vulnerabilities<\/em><\/strong>,<\/p>\n\n\n\n

So here’s how it went on, earlier during my engineering 4th year, I had too much free time. This was the time I learnt a lot about this field, That time my daily schedule was like, <\/p>\n\n\n\n

Eat-> Sleep -> Bug Hunting -> Repeat<\/em><\/strong><\/p>\n\n\n\n

A few months back, I thought to let’s give it a try so I just picked a random website lets to say asdf.com<\/em><\/strong><\/p>\n\n\n\n

Now, asdf.com is a cryptocurrency exchange website, and in a general way I tried to scan the website while doing the testing I came across the login page and got to know that we can create an account and so after creating the account I found out a place where we could request for password reset for our account. On the login page there was an option of reset password so just to give it a check I requested for my password reset through that reset option, The forgot password link was something like this, <\/p>\n\n\n\n

www.asdf.com\/resetpsswd\/email=hacker2202@asdf.com&token=aknajdnskvbskfv34tr34nj3rrff33grjqw<\/em><\/strong><\/pre>\n\n\n\n
Here if you notice, there’s and email change option. I tried changing the email address and checking the link and what a stroke of luck it was just 5 minutes of testing I got the bug, but after changing the email I was not able to change the password as the site has 2-factor authentication implemented.<\/p>\n\n\n\n
As the 2-factor authentication was implemented I thought we cannot do anything of it now as altering the email doesn’t work, but suddenly I saw a mail-in my altered email inbox it was from the asdf.com it was like,<\/p>\n\n\n\n
I got a new reset password link of that account to my altered email address.<\/p>\n\n\n\n
So what was happening was <\/p>\n\n\n\n
when we are requesting a password reset for our account we were getting a mail and that reset password link had token expiration vulnerability ( it was not expiring the token after one use)<\/p>\n\n\n\n
2nd the problem was when I was altering the email  and processing the link I was able to get a new reset link to my altered email address of the victim’s account (not exactly same but something like Http pollution attack)<\/p>\n\n\n\n