Merge branch 'master' of github.com:HackTricks-wiki/hacktricks

carlospolop · carlospolop · commit fc39298c729c · 2025-04-03T15:55:13.000+02:00
diff --git a/src/pentesting-web/account-takeover.md b/src/pentesting-web/account-takeover.md
@@ -111,6 +111,12 @@ From [this report](https://dynnyd20.medium.com/one-click-account-take-over-e5009
 
 This also happened in [**this report**](https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea).
 
+
+### Bypass email verification for Account Takeover
+- Attacker logins with attacker@test.com and verifies email upon signup.
+- Attacker changes verified email to victim@test.com (no secondary verification on email change)
+- Now the website allows victim@test.com to login and we have bypassed email verification of victim user.
+
 ### Old Cookies
 
 As explained [**in this post**](https://medium.com/@niraj1mahajan/uncovering-the-hidden-vulnerability-how-i-found-an-authentication-bypass-on-shopifys-exchange-cc2729ea31a9), it was possible to login into an account, save the cookies as an authenticated user, logout, and then login again.\

-Original file line number
+Diff line change
 This also happened in [**this report**](https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea).
++
 +### Bypass email verification for Account Takeover
 +- Attacker logins with [email protected] and verifies email upon signup.
 +- Attacker changes verified email to [email protected] (no secondary verification on email change)
 +- Now the website allows [email protected] to login and we have bypassed email verification of victim user.
++
 ### Old Cookies
 As explained [**in this post**](https://medium.com/@niraj1mahajan/uncovering-the-hidden-vulnerability-how-i-found-an-authentication-bypass-on-shopifys-exchange-cc2729ea31a9), it was possible to login into an account, save the cookies as an authenticated user, logout, and then login again.\