Account Takeover Via Modifying Email ID — Codeigniter Framework Through 3.0.0

  • User Authentication (User Login)
  • Access Granted by Level / Role — Vulnerable Feature
  • Access Granted by Role Group — Vulnerable Feature
  • ACL for Finer Controlled Permissions
  • Limits Failed Login Attempts
  • Limits Login to a Single Device (Default)
  • Deny Access by IP (Requires Local Apache Configuration File)
  • Persistent Login (Remember Me) (Turned Off by Default)
  • Forgotten Password and Username Recovery
  1. BurpSuite
Login Page
  1. There are two account abc@gmail.com and xyz@gmail.com.
  2. Attacker can log in with abc@gmail.com account and He got an page to select role of the user.
User Role After Login
Attackers Email ID with Response.
Victim Email ID with Response.

Penetration Tester, Bug Bounty Hunter, Security Researcher

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Announcing the GLMR Giveaway Winners! #4

The DNA of a CISO: crisis capability meets commercial clout

9 ways to stay safe from cyberattacks

What Is Cryptography and How Does it Make Cryptocurrency Secure? — AAX Academy

</ OverTheWire > Bandit Level 13 → Level 14

{UPDATE} Play Mohawk Casino Hack Free Resources Generator

NuNet’s Multi-Sided Platform And its Stakeholders

PIVX listed!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vishal Bharad

Vishal Bharad

Penetration Tester, Bug Bounty Hunter, Security Researcher

More from Medium

IDOR with Autorize!

CNAME Cloud Subdomain Takeover [advanced]

Multiple HTTP Redirects to Bypass SSRF Protections

Internet-Wide Study: State Of SPF, DKIM, And DMARC — RedHunt Labs