How I Earned $1000 From Business Logic Vulnerability (account takeover)

Hello security researchers, I want to share a finding from a bug bounty program that earned me $1000.

What is a Business Logic Vulnerability? If you don't know, you can read a full explanation here: https://portswigger.net/web-security/logic-flaws, because I'm not comfortable copying other people's words.

This is a public bug bounty program, but I don't know whether it's OK to share, so to protect the company's secrets let's just call it target.com. Target is an IT consultation platform, and it has a subdomain app.target.com that is the main application where customers log in and manage the products they have.

app.target.com has a team member feature; every member has a role (owner, admin, or user).

I found two logic flaws in this feature:

  1. An account with the owner role can edit its members' account data, including the account email

I searched for the target account by email and found an admin account (admin@target.com).

I added the admin account to my team.

Then I changed their email to my email and reset the password via email.

I logged in with the new password and BOOM!!! So I immediately made a PoC and sent a report. It took quite a while to get a reply from them, but finally I got one.

Sorry about my English, it is so bad😅
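To make the flaw concrete from the defender's side, here is an added example (my own code, not the target's application) that models the team-member feature: the vulnerable flow, where the owner role both adds any existing account and rewrites its email, beside a hardened flow where membership requires the invitee's acceptance and an email change can only be started by the account holder and confirmed with a token sent to the new address. The `Account`, `Team` and token helpers are hypothetical stand-ins for the real application's models and mailer.

```python
import secrets
from dataclasses import dataclass, field

@dataclass(eq=False)
class Account:
    email: str
    role: str = "user"            # owner, admin or user (roles from the write-up)

@dataclass
class Team:
    owner: Account
    members: dict = field(default_factory=dict)   # email -> Account
    pending: set = field(default_factory=set)     # invited, not yet accepted

# Vulnerable flow: the owner adds any existing account and may rewrite its email.
def add_member_vulnerable(team, actor, target):
    if actor is not team.owner:
        raise PermissionError("owner role required")
    team.members[target.email] = target        # no consent from the target
def change_member_email_vulnerable(team, actor, member_email, new_email):
    if actor is not team.owner:
        raise PermissionError("owner role required")
    acct = team.members.pop(member_email)
    acct.email = new_email                     # password reset now lands at new_email
    team.members[new_email] = acct
    return acct

# Hardened flow: membership needs the invitee's acceptance, and an email change
# may only be started by the account holder and finished with a token that a
# real app would mail to the new address only (mailer omitted here).
def invite_member(team, actor, target):
    if actor is not team.owner:
        raise PermissionError("owner role required")
    team.pending.add(target.email)
def accept_invite(team, target):
    if target.email not in team.pending:
        raise PermissionError("no invitation for this account")
    team.pending.discard(target.email)
    team.members[target.email] = target

_pending_changes = {}             # token -> (account, new_email)
def request_email_change(actor, account, new_email):
    if actor is not account:      # team roles grant no authority over identity
        raise PermissionError("only the account holder may change its email")
    token = secrets.token_urlsafe(32)
    _pending_changes[token] = (account, new_email)
    return token
def confirm_email_change(account, token):
    entry = _pending_changes.pop(token, None)
    if entry is None or entry[0] is not account:
        raise PermissionError("invalid or foreign token")
    account.email = entry[1]
    return account.email
```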
