API Endpoint leads to Account Takeover In Android Application


Hello Readers


This is my first blog post, about my research on an Android application.


So, let's get started!!!




What is a token in an API?

Tokens are used in token-based authentication to allow an application to access an API. The application receives an Access Token after a user successfully authenticates and authorizes access, then passes the Access Token as a credential when it calls the target API.

"Each user has their own token for maintaining authenticity."








For account takeover we need to have the user's email.



1 Getting a token for a user via the API endpoint

   Intercept the request to this URL:
     https://apiendpint.com/admin/apis/mobile/v1/check_user

   Send the request to Repeater.

   Enter the user id of the victim and check the response; it will contain the token.

2 What an attacker can do with the token:

   Using this vulnerability, an attacker can perform all operations provided in the Android application.

   For example:

   1 update profile of any user
   2 get profile of any user
   3 get_payment_history
   4 withdraw_request
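To make the defect concrete, here is an added example (not the application's real code) that models a check_user handler behaving as described above beside a hardened version, where only a login that proves identity ever issues a token. The function names, the in-memory user table, the passwords and the tokens are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _pw_hash(password: str) -> str:
    # Demo only: production code uses a slow, salted hash (argon2id, bcrypt).
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class User:
    user_id: str
    email: str
    password_hash: str
    token: str = field(default_factory=lambda: secrets.token_hex(16))


# Constructed sample accounts (assumption: the real app reads these from a DB).
USERS = {
    "1001": User("1001", "alice@example.com", _pw_hash("alice-pw")),
    "1002": User("1002", "bob@example.com", _pw_hash("bob-pw")),
}


def check_user_vulnerable(params: dict) -> dict:
    """Models check_user as the post describes it: whoever supplies a user id
    receives that user's access token, with no proof of identity at all."""
    user = USERS.get(params.get("user_id", ""))
    if user is None:
        return {"exists": False}
    return {"exists": True, "token": user.token}  # the defect: credential leaks


def check_user_hardened(params: dict) -> dict:
    """Existence check only: answers the one question the client needs and
    never includes a credential, whatever id is supplied."""
    return {"exists": params.get("user_id", "") in USERS}


def login(params: dict) -> dict:
    """The only path that hands out a token: the caller proves identity first,
    so the token issued is always for the account they actually control."""
    user = USERS.get(params.get("user_id", ""))
    supplied = _pw_hash(params.get("password", ""))
    # Compare even when the id is unknown so timing does not reveal existence.
    expected = user.password_hash if user else _pw_hash("")
    if user is None or not hmac.compare_digest(supplied, expected):
        return {"error": "invalid credentials"}
    return {"token": user.token}
```

A defender reviewing the API can apply the same test to every unauthenticated endpoint: if a response contains a credential and the request carried no proof of identity, that endpoint is the takeover path.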


Thanks for reading