IDOR in Google APIs (Account Takeover)
Ahmad Halabi

Published on Jun 10, 2020

Description:
Account takeover in Google Digital Garage by changing a user's password, due to an IDOR in Google APIs.

Impact:
An attacker can run a brute-force attack against Digital Garage users, or trick them into entering their credentials on a fake page, after which their passwords are changed automatically.

For more details about the bug, see my writeup here: https://bugreader.com/ahmad_halabi@194

By:
Ahmad Halabi.

Visit my website: https://ahmadhalabi.net
Follow me on Hackerone: https://hackerone.com/ahmd_halabi
Follow me on Facebook: /dragon.shaheen1
Follow me on Instagram: /ahmad_shn1

#hackerone #ahmd_halabi #bug_hunting
