🇷🇴 cristi

@CristiVlad25

7 Tweets 5 reads Jan 01, 2023
5 methods to bypass authentication. via @AnonY0gi
(thread)
1. Response manipulation
- it usually happens when the server doesn't check client-side input
2. OTP/MFA/2FA code leak in the response
- it usually happens when the verification code is leaked in the response
3. Brute forcing OTP/MFA/2FA
- it usually happens when there is no rate limit at code verification input
4. Sensitive information in JS code or code repos.
- it usually happens when hard-coded credentials, keys and secrets are leaked via code
5. Host header injection
- sometimes adding headers like X-Forwarded-Host can leak/send sensitive responses to attackers.
6. All these 5 methods have been wonderfully exemplified in a video by @AnonY0gi. Check him out.
Like, retweet, and follow me for more posts like this.
#infosec #pentesting #cybersecurity #appsec #bugbounty #bugbountytips
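
Added example (not from the thread or the referenced video): server-side OTP verification that addresses items 1 to 3 by keeping the auth decision in server state, keeping the code out of the response, and capping attempts. The class name, `MAX_ATTEMPTS`, `OTP_TTL` and the `outbox` delivery stand-in are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per issued code
OTP_TTL = 300      # assumed policy: code lifetime in seconds


class OtpVerifier:
    """Holds OTP state on the server; clients only ever see a status string."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}      # user -> [code, expires_at, attempts_left]
        self._verified = set()  # users who passed verification
        self.outbox = None      # constructed stand-in for an SMS/e-mail gateway

    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [code, self._clock() + OTP_TTL, MAX_ATTEMPTS]
        self._verified.discard(user)
        self.outbox = (user, code)   # delivered out of band only
        return {"status": "sent"}    # item 2: the code never appears in the response

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None or self._clock() > entry[1]:
            self._pending.pop(user, None)
            return {"status": "no_active_code"}
        entry[2] -= 1                # item 3: every attempt is counted
        # Constant-time comparison on bytes avoids timing side channels.
        if hmac.compare_digest(entry[0].encode(), str(submitted).encode()):
            del self._pending[user]
            self._verified.add(user)
            return {"status": "ok"}
        if entry[2] <= 0:
            del self._pending[user]  # code is burned; a new one must be issued
            return {"status": "locked"}
        return {"status": "invalid"}

    def is_authenticated(self, user):
        # item 1: the decision comes from server state, so editing a
        # response body or sending a client-side "success" flag changes nothing
        return user in self._verified
```

In a real deployment the per-user attempt cap would sit alongside rate limiting on `issue` as well, so that requesting fresh codes does not reset the guessing budget for free.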
