(Improper Access Control) Vulnerability In Prototype 1.6.0.1 Framework.

  1. BurpSuite
  1. Open two browsers, one Firefox and the other Chrome, and log in to 2 accounts.
  2. Then go to the attacker's account and go to create ticket.
  3. In the attacker's account, fill in the create account form and capture the request in Burp Suite.
  4. The request contains the attacker's email id, which is used to create the ticket. Replace that email id with the victim's email id and forward the request.
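
The steps above succeed only when the server takes the ticket's email id from the request body instead of from the logged-in session. The following is an added example, not code from the original post or from the affected application: the handler names, session table and addresses are constructed, and it shows that pattern beside a server-side check that binds the ticket to the session user and records a mismatch for detection.

```javascript
// Constructed session table: maps a session token to the logged-in user.
const sessions = new Map([
  ["sess-a", { email: "a@example.test" }],
  ["sess-b", { email: "b@example.test" }],
]);

// Pattern the steps above depend on: the ticket owner is read from the
// client-controlled request body, so any logged-in user can name any owner.
function createTicketVulnerable(sessionToken, body, store) {
  if (!sessions.has(sessionToken)) return { status: 401 };
  store.push({ owner: body.email, subject: body.subject });
  return { status: 201, owner: body.email };
}

// Hardened pattern: the owner comes from the server-side session only.
// An email id in the body that differs from the session user is rejected
// and written to an audit log so the tampering attempt is visible.
function createTicketHardened(sessionToken, body, store, auditLog) {
  const user = sessions.get(sessionToken);
  if (!user) return { status: 401 };
  const claimed =
    typeof body.email === "string" ? body.email.trim().toLowerCase() : null;
  if (claimed !== null && claimed !== user.email.toLowerCase()) {
    auditLog.push({
      event: "ticket_owner_mismatch",
      session_user: user.email,
      claimed,
    });
    return { status: 403 };
  }
  store.push({ owner: user.email, subject: String(body.subject || "") });
  return { status: 201, owner: user.email };
}

// Constructed requests: session of account A, body naming account B,
// followed by an ordinary request with no email id in the body.
function demo() {
  const tampered = { email: "b@example.test", subject: "test" };
  const vulnStore = [], safeStore = [], audit = [];
  const vuln = createTicketVulnerable("sess-a", tampered, vulnStore);
  const safe = createTicketHardened("sess-a", tampered, safeStore, audit);
  const normal = createTicketHardened("sess-a", { subject: "ok" }, safeStore, audit);
  return { vuln, safe, normal, safeStore, audit };
}
```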


Penetration Tester, Bug Bounty Hunter, Security Researcher

Vishal Bharad