
Email verification bypass via remember me functionality

Open adityaax opened this issue 1 year ago • 2 comments

Bug Description: During sign up we need to verify the email but we can bypass the verification by just clicking the remember me button and changing the URL path.

Steps to reproduce:

1. Go to https://dashboard.example.com/signup and create a dummy account.
2. You will be asked to verify the account and the URL will be: https://dashboard.example.com/signup/pending/uri849hfjhd
3. Now simply remove the /signup/pending/uri849hfjhd and make the URL https://dashboard.example.com/
4. Now you will be redirected to https://dashboard.example.com/login
5. Enter the email/password that you used to create the account in step 1.
6. Click on 'remember me' button and click on Login.
7. Now you will again be redirected to this path: https://dashboard.example.com/signup/pending/uri849hfjhd
8. Simply follow step 3 above (remove the /signup... path in the URL and make it https://dashboard.example.com/) and you will be logged into the account without email verification.

Impact: Email verification bypass could enable an attacker to perform pre-account takeover and to create any number of dummy accounts.

Recommendation: Remember me functionality must verify whether the account is verified or not.

POC: Please let me know how I can share the POC video privately, because the bug is still not fixed on the application I found it on.

adityaax, Apr 20 '24 16:04
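One way to enforce the recommendation above on the server side, as an added example that is not part of the original issue or the affected application's code: verification state is read from the account record on every request, so a session created with "remember me" is gated exactly like any other. The `Account`/`Session` model, the `authorize` function and the `/logout` path are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical data model (assumption, not the affected application's schema).
@dataclass
class Account:
    email: str
    email_verified: bool = False

@dataclass
class Session:
    account: Account
    via_remember_me: bool = False  # affects session lifetime only

PENDING_PREFIX = "/signup/pending"

def login(account: Account, remember_me: bool) -> Session:
    """Issue a session; remember-me must never imply verification."""
    return Session(account=account, via_remember_me=remember_me)

def allowed_while_unverified(path: str) -> bool:
    # Normalise first so "/signup/pending/../../" cannot pass the prefix check.
    norm = posixpath.normpath(path)
    return (norm == "/logout" or norm == PENDING_PREFIX
            or norm.startswith(PENDING_PREFIX + "/"))

def authorize(session: Optional[Session], path: str) -> Tuple[int, str]:
    """Central gate run on every request; returns (status, target)."""
    if session is None:
        return 302, "/login"
    # Checked per request against the account, not cached in the session,
    # so password and remember-me sessions are treated identically.
    if not session.account.email_verified:
        if allowed_while_unverified(path):
            return 200, "pending"
        return 302, PENDING_PREFIX + "/"
    return 200, "dashboard"

if __name__ == "__main__":
    acct = Account("new.user@example.com")       # constructed sample account
    sess = login(acct, remember_me=True)
    print(authorize(sess, "/"))                  # unverified: sent back to pending
    acct.email_verified = True
    print(authorize(sess, "/"))                  # verified: dashboard served
```

Because the gate runs per request rather than per route, editing the URL after login cannot reach a handler that forgot the check.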

You can update here once it's fixed

KathanP19, Jul 28 '24 06:07

Thank

Mrrobotsg, Jan 31 '25 13:01