OAuth misconfiguration == Pre-Account Takeover

Hey fellow hackers,

Ramalingasamy M K (Security Researcher) here,

After so many months, I am back with a writeup for an interesting vulnerability I found in RedBull two days ago, but it was a duplicate.

Smile in pain

But the vulnerability was quite interesting. Let's start!

Start the hunting.

Let's look at the website; it looks like a normal webpage. I went to the signup page, and the page looks like,

I created an account using the victim's email, didn't complete the email confirmation, and logged into the RedBull account. Here, a confirmation email was sent to the registered email address (the victim's email). So, the vulnerability here is bypassing the email verification.

How to bypass:

So, the attacker also has access to that account.

Thanks for reading this writeup!!

Writeups coming!!