#account-takeover
2 articles
Sweet Security Disaster: How I Could Verify Any Account on a Dessert Website 🍦
An account-verification bypass on a dessert site: a Base64-encoded email parameter with no server-side validation let me activate any account.
·4 min readThe Silent Threat: Understanding Pre-Account Takeover Attacks 🕵️♀️
How pre-account-takeover attacks exploit identity gaps before signup via domain interception and typosquatting—plus how to defend against them.
·5 min read