Full Account Takeover (Android Application)

Vishal Bharad
Dec 21, 2019

Introduction:

Hello again, I am Vishal Bharad, and I am here again to share my findings on a Full Account Takeover in an Android application.

About the Vulnerability:

First of all, this is one of the simplest vulnerabilities that is rated in the P1 category. To discover the bug you need a setup for Android application penetration testing.

I hope you all already know how to set up Android application penetration testing. :)

So I will start directly with the vulnerability that I identified. Consider an Android application, target.apk.

Tools Used for this Vulnerability:

  1. BurpSuite
  2. Genymotion

General Steps:

  1. First of all, set up the environment for Android application penetration testing.
  2. Then open Genymotion and install the application, target.apk.
  3. After installing the application, bypass SSL pinning via the SSLunpinned application.
  4. Then we are able to capture the requests in Burp Suite.

Steps to Reproduce the Vulnerability:

  1. After installing the application, create an account as the victim account.
  2. Go to Recover Password and type the username or mobile number to receive the OTP or CODE.
  3. Capture the Recover Password request in Burp Suite. Now right-click on the request, click Do Intercept > Response To This Request, and click Forward until you get the response.
  4. Now I am able to see the CODE or OTP that will be sent to the victim's mobile number.

     (Screenshot: Response with OTP)

  5. Now you have the victim's account CODE, and an attacker is able to reset the password using this code.
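To show what went wrong on the server side, here is an added example that is not code from the original post or from the affected application. It models a password-recovery endpoint twice: the flawed version echoes the OTP back in the JSON response (the behaviour captured in Burp above), while the hardened version delivers the code only out of band, stores only its hash, and enforces expiry and an attempt budget. It also goes one step beyond the post by returning the same response whether or not the username exists. The user store, SMS gateway and HTTP layer are stand-ins, and `response_leaks_otp` is a hypothetical reviewer's check for captured responses.

```python
"""Added example (not from the original post): a password-recovery flow
that leaks the OTP in its API response, next to a hardened version.
The user store and SMS sender below are constructed stand-ins."""
import hashlib
import hmac
import secrets
import time

# Constructed user store: username -> phone number (fake number).
USERS = {"victim": "+10000000000"}

# Server-side OTP state: username -> (sha256(code), expiry_epoch, attempts_left)
_PENDING = {}

# Stand-in for the SMS gateway; records what would have been sent.
SENT_SMS = []


def _send_sms(phone, code):
    SENT_SMS.append((phone, code))


def _new_code():
    # Six digits from a CSPRNG, zero-padded.
    return f"{secrets.randbelow(10**6):06d}"


def recover_password_vulnerable(username):
    """Flawed handler: the OTP goes out by SMS *and* is echoed in the JSON
    response, so whoever can read the HTTP response (for example through an
    intercepting proxy on their own device) learns the victim's code without
    ever seeing the victim's phone."""
    phone = USERS.get(username)
    if phone is None:
        return {"status": "error"}
    code = _new_code()
    _PENDING[username] = (hashlib.sha256(code.encode()).hexdigest(),
                          time.time() + 300, 5)
    _send_sms(phone, code)
    return {"status": "sent", "phone": phone, "code": code}  # <-- the leak


def recover_password_hardened(username, now=None):
    """Hardened handler: the OTP leaves the server only through the SMS
    channel, only its hash is stored, and the response is identical whether
    or not the username exists, so it neither leaks the code nor confirms
    that an account exists."""
    now = time.time() if now is None else now
    phone = USERS.get(username)
    if phone is not None:
        code = _new_code()
        _PENDING[username] = (hashlib.sha256(code.encode()).hexdigest(),
                              now + 300, 5)
        _send_sms(phone, code)
    return {"status": "sent"}


def verify_code(username, code, now=None):
    """Check a submitted OTP: constant-time compare against the stored hash,
    enforce the 5-minute expiry and a small attempt budget, and consume the
    code on success so it cannot be replayed."""
    now = time.time() if now is None else now
    entry = _PENDING.get(username)
    if entry is None:
        return False
    digest, expires, attempts = entry
    if now > expires or attempts <= 0:
        _PENDING.pop(username, None)
        return False
    ok = hmac.compare_digest(digest, hashlib.sha256(code.encode()).hexdigest())
    if ok:
        _PENDING.pop(username, None)
    else:
        _PENDING[username] = (digest, expires, attempts - 1)
    return ok


def response_leaks_otp(response):
    """Hypothetical reviewer's check for captured traffic: does a recovery
    response body carry a field that looks like the one-time code?"""
    suspect_keys = {"code", "otp", "pin", "token"}
    return any(k.lower() in suspect_keys and isinstance(v, str) and v.isdigit()
               for k, v in response.items())


if __name__ == "__main__":
    print("vulnerable:", recover_password_vulnerable("victim"))
    print("hardened:  ", recover_password_hardened("victim"))
```

The fix is not only dropping the field from the response: the code must be validated server-side against a hash with an expiry and a capped number of attempts, otherwise a short numeric OTP that never expires is still guessable.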

Thank You

Disclosure:

  1. I reported it to a private site on 20th Sept.
  2. They pay less, so they rewarded me with a 3-digit $ amount (between $500 and $700).

Thanks

Looking forward to sharing more blogs.

Best Regards

Vishal Bharad

LinkedIn Profile: https://www.linkedin.com/in/vishal-bharad-b476b388/

Vishal Bharad

Penetration Tester, Bug Bounty Hunter, Security Researcher