How I was able to Regain access to account deleted by Admin leading to $$$

Steps to reproduce

  1. Go to example.com/dashboard/setup/user-accounts and enter the user's email address to send the invitation.
  2. Check the inbox, open the invitation link, and set the password for your account.
  3. Now try to log in at example.com/dashboard with the credentials you set in step 2.
  4. Copy the response and keep it in Notepad.
  5. Come back to the admin side and delete the invited user.
  6. Try to log in again with the same credentials; you'll get a login failed error.
  7. Intercept the response and replace it with the earlier (valid) one, and you'll be logged in successfully.
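
The write-up does not state the root cause. The sketch below is an added example, not code from the affected application, and it assumes the saved login response carried a signed token that the server kept accepting after the account was deleted. All names (`authorize_weak`, `authorize_hardened`, `delete_user`, the in-memory stores) are hypothetical.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)   # server-side signing key (constructed)
USERS = {"invitee@example.com"}    # constructed account store
REVOKED = set()                    # tokens revoked on the server


def issue_token(email):
    """Return the token a successful login response would carry."""
    body = f"{email}|{secrets.token_hex(8)}"
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{sig}"


def _verified_email(token):
    """Return the email in the token if its signature is valid, else None."""
    try:
        email, nonce, sig = token.split("|")
    except ValueError:
        return None
    good = hmac.new(SECRET, f"{email}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return email if hmac.compare_digest(sig.encode(), good.encode()) else None


def authorize_weak(token):
    """Assumed flaw: any well-signed token is accepted; account state is ignored."""
    return _verified_email(token) is not None


def authorize_hardened(token):
    """Also require that the token is not revoked and the account still exists."""
    email = _verified_email(token)
    return email is not None and token not in REVOKED and email in USERS


def delete_user(email, live_tokens):
    """Admin deletion: remove the account and revoke every token issued to it."""
    USERS.discard(email)
    REVOKED.update(t for t in live_tokens if _verified_email(t) == email)
```

With the hardened check, a replayed response gives the client nothing usable: every later request is re-validated against server-side account state.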

Rajesh Ranjan
