Account Takeover via 3 Ways
Hello everybody, I hope all of you are fine.
Today I am going to explain how I took over an account in 3 ways:
First Way:
I went to my profile and tried to change the email. I was aiming to find a CSRF, so I opened Burp Suite and intercepted the request. Let's say the website is example.com. I found that the request sends the data via the GET method, from a link like this: example.com/edit-profile.php?id=200
I tried creating another account, getting its id and putting it in the id parameter in the link, and fortunately it worked: I could change any account's data, such as username, email and phone, so I could take over accounts this way.
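For the server side of the first way, here is an added example (not from the original post and not the site's code) that models the edit-profile handler as described next to a hardened version. The function names, the session layout, the csrf field and the in-memory account table are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample data; id 200 matches the example URL in the post.
ACCOUNTS = {
    200: {"email": "first@example.com"},
    201: {"email": "second@example.com"},
}


def new_session(account_id):
    """Hypothetical login step: the account id is stored server-side only."""
    return {"account_id": account_id, "csrf": secrets.token_urlsafe(32)}


def edit_profile_vulnerable(session, method, params):
    """Behaviour described in the post: the id parameter alone picks the account."""
    target = int(params["id"])  # client-controlled, never compared to the session
    ACCOUNTS[target]["email"] = params["email"]
    return 200


def edit_profile_hardened(session, method, params):
    """Same update, but the target account is taken from the session."""
    if session is None:
        return 401  # not logged in
    if method != "POST":
        return 405  # state changes are not accepted over GET
    token = str(params.get("csrf", ""))
    if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
        return 403  # missing or wrong anti-CSRF token
    if "id" in params and str(params["id"]) != str(session["account_id"]):
        return 403  # an id that is not the caller's own is refused (worth logging)
    ACCOUNTS[session["account_id"]]["email"] = params["email"]
    return 200
```

The hardened handler never reads the target account from the request, so changing id in the link has no effect, and the POST-plus-token check covers the CSRF angle the post set out to test.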
Second Way:
I tried using "forgot my password" and viewed the page source, and I found the token in the source.
Third Way:
Go to the profile and try to change the email, as I noted in the first way.
Then I went to Burp Suite and intercepted the request, then I went to
and filled in the data, and it worked and changed the email on the account successfully.