Commit
Update account_takeover_checklist.md
aufzayed authored Oct 31, 2021
1 parent 3a64667 commit 238c99e
Showing 1 changed file with 21 additions and 21 deletions.
42 changes: 21 additions & 21 deletions account_takeover_checklist.md
@@ -1,41 +1,41 @@
## Account Takeover Checklist

- login:
1. check if you are able to brute force the password
- [ ] check if you are able to brute force the password

2. Test for OAuth misconfigurations
- [ ] Test for OAuth misconfigurations

3. check if you are able to bruteforce the login OTP
- [ ] check if you are able to bruteforce the login OTP

4. check for JWT mesconfigurations
- [ ] check for JWT mesconfigurations

5. Test for SQL injection to bypass authentication
- [ ] Test for SQL injection to bypass authentication

```admin" or 1=1;--```
6. check if the application validates the OTP or Token
- [ ] check if the application validates the OTP or Token

- password reset:
1. check if you are able to brute force the password reset OTP
- [ ] check if you are able to brute force the password reset OTP

2. test for token predectability
- [ ] test for token predectability

3. test for JWT misconfigurations
- [ ] test for JWT misconfigurations

4. check if the password reset endpoint is vulnerable to IDOR
- [ ] check if the password reset endpoint is vulnerable to IDOR

5. check if the password reset endpoint is vulnerable to Host Header injection
- [ ] check if the password reset endpoint is vulnerable to Host Header injection

6. check if the password reset endpoint is leaking the token or OTP in the HTTP response
- [ ] check if the password reset endpoint is leaking the token or OTP in the HTTP response

7. check if the application validates the OTP or Token
- [ ] check if the application validates the OTP or Token

- XSS to Account Takeover

1. try to exfiltrate the cookies
- [ ] try to exfiltrate the cookies

2. try to exfiltrate th Auth Token
- [ ] try to exfiltrate th Auth Token

3. if the cookie's "domain" attribute is set, search for xss in the subdomains and use it to exfiltrate the cookies
- [ ] if the cookie's "domain" attribute is set, search for xss in the subdomains and use it to exfiltrate the cookies

- PoC Example:
```html
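Review bot: the new checkbox lines in this hunk carry over the misspellings from the numbered lines they replace: "check for JWT mesconfigurations" under login, "test for token predectability" under password reset, and "try to exfiltrate th Auth Token" under XSS. Every one of these lines is being rewritten in this commit anyway, so correct them here to "misconfigurations", "predictability" and "the Auth Token". The first word of the items is also capitalised inconsistently ("check" next to "Test") and could be made uniform in the same pass.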
Expand All @@ -56,9 +56,9 @@

- CSRF to Account Takeover

1. check if the email update endpoint is vulnerable to CSRF
- [ ] check if the email update endpoint is vulnerable to CSRF

2. check if the password change endpoint is vulnerable to CSRF
- [ ] check if the password change endpoint is vulnerable to CSRF

- PoC Example:
```html
Expand All @@ -80,8 +80,8 @@

- IDOR to Account Takerover

1. checck if the email update endpoint is vulnerable to IDOR
- [ ] checck if the email update endpoint is vulnerable to IDOR

2. check if the password change endpoint is vulnerable to IDOR
- [ ] check if the password change endpoint is vulnerable to IDOR

3. check if the password reset endpoint vulnerable to IDOR
- [ ] check if the password reset endpoint vulnerable to IDOR
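Review bot: the first new item in this hunk still reads "checck if the email update endpoint is vulnerable to IDOR", and the last one drops the verb: "check if the password reset endpoint vulnerable to IDOR". Fix both while these lines are being changed ("check", and "endpoint is vulnerable"). The section heading in the context line above, "IDOR to Account Takerover", has the same kind of typo and is worth correcting in this commit. The last item also repeats the IDOR check already listed under "password reset" earlier in the file, so consider keeping it in one place.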
