API Endpoint leads to Account Takeover In Android Application
Hello Readers
This is My First blog post about my research in Android Application ,

What is TOKEN in API ?
Tokens are used in token-based authentication to allow an
application to access an API. The application receives an Access Token
after a user successfully authenticates and authorizes access, then
passes the Access Token as a credential when it calls the target API.
"each user having their own token for maintaining authenticity"
For Account takeover we need to have users email
1 Getting Token For user using API endpoint
Intercept the request For this URL
https://apiendpint.com/admin/apis/mobile/v1/check_user
Send the request to repeater
Enter user id of victim , and check response will get token
https://apiendpint.com/admin/apis/mobile/v1/check_user
Send the request to repeater
Enter user id of victim , and check response will get token

2 Using token What Attacker can DO :
Attacker Perform All Operations provided in Android Application using this vulnerability
For example
1 update profile of any user
2 get profile Of any user
3 get_payment_history
4 withdraw_request
Thanks for reading
Awesome 👏
ReplyDeleteCool bhau...
ReplyDelete