How I Earned $1000 From a Business Logic Vulnerability (Account Takeover)
Hello security researchers, I want to share a finding from a bug bounty program that earned me $1000.
If you don't know what a business logic vulnerability is, you can read a full explanation here: https://portswigger.net/web-security/logic-flaws. I'm not comfortable copying other people's words, so I'll just link it.
This is a public bug bounty program. I don't know whether it's OK to share the name or not, so to protect the company let's just call it target.com. The target is an IT consultation platform, and it has a subdomain, app.target.com, which is the main application where customers log in and manage the products they own.
app.target.com has a team member feature; every member has a role (owner, admin, or user).
I found two logic flaws in this feature:
- An account with the owner role can edit its team members' account data, including the account email.
- An account with the owner role can add any other account to its team without any confirmation from the invited account.
I searched for the target's accounts by email and found the admin account (admin@target.com).
I added the admin account to my team.
Then I changed its email to my own email and reset the password via email.
I logged in with the new password and BOOM!!! So I immediately made a PoC and sent a report. It took quite a while to get a reply from them, but finally I got one.
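The chain above works because team membership and a member's email address can both be changed by the owner alone. Below is an added example, not code from the original post or from the target, of how the two flaws are closed on the server side: an owner can only issue an invite that the invitee must redeem themselves, and an email change can only be requested by the account holder and must be confirmed from the new address. The class, method and token names are hypothetical, and the "mail delivery" is just the returned token.

```python
import secrets

class TeamService:
    """Hypothetical in-memory model of the team-member feature with both flaws closed."""

    def __init__(self):
        self.teams = {}          # team_id -> {email: role}
        self.invites = {}        # invite token -> (team_id, invitee email)
        self.email_changes = {}  # change token -> (current email, new email)

    def create_team(self, team_id, owner):
        self.teams[team_id] = {owner: "owner"}

    def invite(self, team_id, actor, invitee):
        """Flaw 2 closed: owners only send invites; membership waits for the invitee."""
        if self.teams.get(team_id, {}).get(actor) != "owner":
            raise PermissionError(f"{actor} is not an owner of {team_id}")
        token = secrets.token_urlsafe(16)  # delivered to the invitee's inbox only
        self.invites[token] = (team_id, invitee)
        return token

    def accept_invite(self, token, actor):
        if self.invites.get(token, (None, None))[1] != actor:
            raise PermissionError("invite token is unknown or belongs to another user")
        team_id, invitee = self.invites.pop(token)  # single use
        self.teams[team_id][invitee] = "user"

    def request_email_change(self, actor, target, new_email):
        """Flaw 1 closed: only the account holder may change their email, and only after confirmation."""
        if actor != target:
            raise PermissionError("only the account holder may change their email")
        token = secrets.token_urlsafe(16)  # sent to new_email, never shown to an owner
        self.email_changes[token] = (target, new_email)
        return token

    def confirm_email_change(self, token, actor):
        if self.email_changes.get(token, (None, None))[0] != actor:
            raise PermissionError("change token is unknown or belongs to another user")
        current, new = self.email_changes.pop(token)  # single use
        for members in self.teams.values():  # rename the key in every team the user is in
            if current in members:
                members[new] = members.pop(current)

def is_denied(action, *args):
    """True when action(*args) is refused with PermissionError; used by the checks."""
    try:
        action(*args)
        return False
    except PermissionError:
        return True
```

With these checks an owner who invites another company's admin gets nothing until that admin accepts, and the owner has no path at all to the member's email, so the password reset mail can never be redirected.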
Sorry about my English, it's so bad😅