Account Takeover Via Modifying Email ID — Codeigniter Framework Through 3.0.0

  • User Authentication (User Login)
  • Access Granted by Level / Role — Vulnerable Feature
  • Access Granted by Role Group — Vulnerable Feature
  • ACL for Finer Controlled Permissions
  • Limits Failed Login Attempts
  • Limits Login to a Single Device (Default)
  • Deny Access by IP (Requires Local Apache Configuration File)
  • Persistent Login (Remember Me) (Turned Off by Default)
  • Forgotten Password and Username Recovery
  1. BurpSuite
Login Page
  1. There are two accounts, abc@gmail.com and xyz@gmail.com.
  2. The attacker logs in with the abc@gmail.com account and is shown a page to select the user's role.
User Role After Login
Attacker's email ID with response.
Victim's email ID with response.
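The two screenshots above are the whole finding: the same role-selection request, answered for whichever email address the client puts in it. What follows is an added example, written for this page rather than taken from the writeup or from the CodeIgniter application it tests, and in framework-free Python rather than the app's PHP. It sketches a "select role" handler in the broken shape the writeup describes (the account to modify is chosen by an email field in the POST body) next to one bound to the server-side session; the user store, the role names and the audit log are constructed for illustration.

```python
# Added example (not from the writeup or the CodeIgniter app it tests): a
# framework-free sketch of a "select role" handler, first in the broken shape
# the writeup describes (the account to modify is chosen by an email field in
# the request) and then bound to the server-side session. Names, roles and
# the in-memory store are constructed for illustration.
from dataclasses import dataclass


def make_users():
    """Constructed in-memory store; the two emails mirror the writeup."""
    return {
        "abc@gmail.com": {"id": 1, "role": "user"},  # attacker's own account
        "xyz@gmail.com": {"id": 2, "role": "user"},  # victim's account
    }


SELF_SELECTABLE_ROLES = {"user", "editor"}  # assumed; admin is never self-selectable


@dataclass
class Session:
    """What the server knows after a successful login."""
    user_id: int
    email: str


@dataclass
class Request:
    """A POST to the role-selection page plus the session that sent it."""
    post: dict
    session: Session


def select_role_vulnerable(req, users):
    """Broken: trusts the email in the POST body to pick the account.
    The session only proves *someone* is logged in; the request decides
    *whose* record is written, so any valid login can edit any account."""
    email = req.post["email"]
    users[email]["role"] = req.post["role"]
    return email


def select_role_fixed(req, users, audit_log):
    """Hardened: the target account is the session's account, full stop.
    A posted email that disagrees with the session is not an input to be
    honoured but a tampering signal worth logging."""
    session_email = req.session.email
    role = req.post.get("role")
    if role not in SELF_SELECTABLE_ROLES:
        audit_log.append(f"rejected role {role!r} for {session_email}")
        raise PermissionError("role not permitted")
    posted_email = req.post.get("email")
    if posted_email is not None and posted_email != session_email:
        audit_log.append(
            f"account-mismatch: session={session_email} posted={posted_email}"
        )
        raise PermissionError("account mismatch")
    users[session_email]["role"] = role
    return session_email


def attempt(handler, req, users, audit_log=None):
    """Run a handler and report ('ok', email) or ('denied', reason)."""
    try:
        if audit_log is None:
            return "ok", handler(req, users)
        return "ok", handler(req, users, audit_log)
    except PermissionError as exc:
        return "denied", str(exc)


if __name__ == "__main__":
    attacker = Session(user_id=1, email="abc@gmail.com")
    tampered = Request(post={"email": "xyz@gmail.com", "role": "editor"},
                       session=attacker)
    users = make_users()
    print("vulnerable:", attempt(select_role_vulnerable, tampered, users),
          users["xyz@gmail.com"])
    users, log = make_users(), []
    print("fixed:", attempt(select_role_fixed, tampered, users, log),
          users["xyz@gmail.com"], log)
```

The fixed handler never needs the email field at all; keeping the comparison in is a cheap detection hook, since a legitimate form submission for the logged-in user has no reason to carry someone else's address. The same rule applies to every other self-service endpoint in the feature list above (password recovery, remember-me, device limits): the record being changed is looked up from the session, and any client-supplied identifier is at most validated against it.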
Vishal Bharad

Penetration Tester, Bug Bounty Hunter, Security Researcher