My First Bounty on a Simple Bug

  1. Go to the password reset page of https://target.com/.
  2. Enter your email, and ask for a password reset link.
  3. Now go to your mail and open that link in two tabs.
  4. Reset the password from one tab, then reload the other tab. If it lets you reset the password again, the site is vulnerable: the token is not invalidated after use, because we are resetting the password two times with the same token.
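
What the fix looks like on the server side, as an added example that is not from the original write-up or from the affected site. The class and function names, the in-memory dictionary standing in for a database table, and the 15-minute lifetime are assumptions for illustration; `single_use=False` reproduces the behaviour the steps above detect.

```python
import hashlib
import secrets
import time


class ResetTokenStore:
    """In-memory stand-in (assumption) for a table of password-reset tokens."""

    def __init__(self, ttl_seconds=900, single_use=True):
        self.ttl = ttl_seconds
        self.single_use = single_use  # False = the flaw described above
        self._rows = {}  # sha256(token) -> {"user", "expires", "used"}

    @staticmethod
    def _digest(token):
        # Store only a hash, so a leaked table does not expose usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = {
            "user": user, "expires": now + self.ttl, "used": False}
        return token

    def consume(self, token, now=None):
        """Return the token's user and burn the token, or None if unusable."""
        now = time.time() if now is None else now
        row = self._rows.get(self._digest(token))
        if row is None or now > row["expires"]:
            return None
        if self.single_use and row["used"]:
            return None  # second tab lands here: token already spent
        # With a real database, make check-and-mark one atomic statement
        # (UPDATE ... WHERE used = 0, then check the affected row count),
        # so two simultaneous submissions cannot both pass.
        row["used"] = True
        return row["user"]


def reset_password(store, passwords, token, new_password):
    """Hypothetical handler: True if the reset was accepted."""
    user = store.consume(token)
    if user is None:
        return False
    passwords[user] = new_password  # real code stores a password hash
    return True
```
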

Prajit Sindhkar

I am an India-based Security Researcher, Bugcrowd Top 500 Hacker and Bug Bounty Leader of the BUGXS Community