[ #bugbountytips ]
An ATO case which only works if your target doesn't verify your email immediately:
1. Sign up using the victim's (FB) email address and username.
2. Then use FB OAuth with the same details to sign up.
3. You might get logged in to the same account.
Sev - P2/P3
Explanation - After signing up with the victim's FB email and username, set a random password for that account.
Then use FB OAuth with the same email and username, but the password must be the FB password. The user already exists with these details, so you may get logged in as the victim.
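The server-side linking decision that makes this work, as an added example that is not part of the original tip: a local signup stores an unverified email, and an OAuth login that matches on email alone merges into that account. The functions, the in-memory user table and the sample addresses are assumptions for illustration; the fix is to refuse linking while the existing account's email is unverified.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    username: str
    email: str
    email_verified: bool
    providers: set = field(default_factory=set)

class LinkRefused(Exception):
    """Raised when an OAuth identity must not be attached to an existing account."""

def signup_local(users, username, email):
    # Local signup: the email is stored, but nothing has proved the registrant owns it.
    user = User(username, email.lower(), email_verified=False)
    users[user.email] = user
    return user

def link_oauth_vulnerable(users, provider, oauth_email):
    # Matches on email alone, so an unverified squatter account gets the provider
    # login attached and the provider's real user lands in the squatter's account.
    key = oauth_email.lower()
    user = users.get(key)
    if user is None:
        user = users[key] = User(key.split("@")[0], key, email_verified=True)
    user.providers.add(provider)
    return user

def link_oauth_safe(users, provider, oauth_email):
    # Only link to an account whose email ownership has already been verified;
    # otherwise stop, so the unverified local registrant cannot be merged into.
    key = oauth_email.lower()
    user = users.get(key)
    if user is None:
        user = users[key] = User(key.split("@")[0], key, email_verified=True)
    elif not user.email_verified:
        raise LinkRefused(f"{key} is registered but unverified; refusing to link {provider}")
    user.providers.add(provider)
    return user

def demo():
    # Constructed scenario from the tip: the victim's email is pre-registered locally.
    vuln_users, safe_users = {}, {}
    signup_local(vuln_users, "victim", "victim@example.com")
    signup_local(safe_users, "victim", "victim@example.com")
    merged = link_oauth_vulnerable(vuln_users, "facebook", "Victim@example.com")
    try:
        link_oauth_safe(safe_users, "facebook", "Victim@example.com")
        refused = False
    except LinkRefused:
        refused = True
    return merged.providers, refused
```

Verifying the email first (or only after a fresh proof of ownership) is what lets the safe path proceed; the same account becomes linkable once `email_verified` is true.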