Session Hijacking Vulnerability in Password Reset Flow Leading to Cross-Account Access

Hello guys! I’m here again with another vulnerability, last one for the year 2024. Let’s get started : ) Imagine trying to reset your password on one account, only to realize you’ve inadvertently ...

Apr 7, 2025

Exploiting CSRF and OTP Reuse: How Weak Token Management Enables Password Reset Attacks, Leading to ATO

Hello guy! I’m iPsalmy. It’s been a while I wrote anything here. Anyway, with no waste of time let’s talk about how I used a simple CSRF attack to exploit a weak token management which led to me...

Nov 28, 2024

How to set up Metasploitable Lab for WAPT

Hey there! been a minute. In this write-up, I’ll be showing you how to set up your own metalsploitable virtual lab for web application security and penetration testing. STEP 1 First of, head to o...

Mar 8, 2024 Ethical hacking

How the Web works

Ever wondered what happens when you visit a Website or enter a URL? Well, look no further. I’ll be breaking down what happens when you enter a URL into your browsers here. Extracting the Domain Na...

Feb 10, 2024

Session Hijacking Vulnerability in Password Reset Flow Leading to Cross-Account Access

Exploiting CSRF and OTP Reuse: How Weak Token Management Enables Password Reset Attacks, Leading to ATO

How to set up Metasploitable Lab for WAPT

How the Web works

Trending Tags