Today I will share a security flaw on Pagalguy that I discovered last year.
As you may know, Pagalguy provides competitive exam aspirants with a forum to discuss and ask questions related to exam preparation.
To demonstrate this I have created an account on Pagalguy with the email id email@example.com; the account name on Pagalguy is @passivewriter.
So we start by clicking on the forgot password option.
The second step is to enter the user id.
Third step: open the developer tools menu and click on Network.
Now click on the reset password option and see what happens.
Click on the second "passwords" entry in the network list.
Do you see what is happening here? The password reset link is being sent right back here in the response. Now all we need to do is copy the link and paste it into the browser.
Now just press enter and see the magic.
So you can reset the password without even checking the mail. Amazing, isn't it? Anyway, if Pagalguy has sent us an email, let's go and check it as well.
The link sent is the same as the one above. You can either click on reset password or just copy the link.
This was a major security bug and could have been used to change the password of any user. The only thing you needed was the user id.
Of course the victim will find out about it, because the password reset email is still sent, but a company like Pagalguy needs better security management of its website.
This bug was fixed a few months after I discovered it.
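To make the root cause concrete, here is an added illustration (my own code, not Pagalguy's) of the vulnerable pattern described above beside a hardened version: the flawed handler echoes the reset link in the HTTP response, while the fixed one only emails it, stores just a hash of a single-use token, and returns the same generic message whether or not the user id exists. The user store, outbox and reset domain are constructed stand-ins.

```python
import hashlib
import secrets
import time

# Constructed in-memory stand-ins for the user database and the mail queue.
USERS = {"passivewriter": {"email": "email@example.com", "password": "old"}}
RESET_TOKENS = {}   # sha256(token) -> (user_id, expiry timestamp)
OUTBOX = []         # emails that would have been sent
TOKEN_TTL = 15 * 60 # seconds a reset token stays valid


def make_reset_link(user_id):
    """Generate an unguessable token, store only its hash, and queue the email."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (user_id, time.time() + TOKEN_TTL)
    link = f"https://example.invalid/reset?token={token}"  # placeholder domain
    OUTBOX.append({"to": USERS[user_id]["email"], "link": link})
    return link


def forgot_password_vulnerable(user_id):
    """The pattern in the post: the reset link is returned in the HTTP response,
    so anyone who types a user id can read it from the browser's network tab."""
    if user_id not in USERS:
        return {"status": 404, "body": {"message": "No such user"}}
    link = make_reset_link(user_id)
    return {"status": 200, "body": {"message": "Email sent", "reset_link": link}}


def forgot_password_fixed(user_id):
    """Hardened: the link travels only to the registered email address, and the
    response does not reveal whether the user id exists."""
    if user_id in USERS:
        make_reset_link(user_id)
    return {"status": 200,
            "body": {"message": "If the account exists, an email has been sent."}}


def consume_reset_token(token, new_password):
    """Redeem a single-use, time-limited token by looking up its hash."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)  # pop makes the token single-use
    if entry is None or entry[1] < time.time():
        return False
    USERS[entry[0]]["password"] = new_password
    return True
```

A detection-side check for the same weakness is to grep API responses in staging for tokens or links that should only ever appear in outbound mail.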