Blind Information Disclosure due to heavy misconfiguration

Evil hack Kong
Phone number and password are fake, xD
  1. Enumerate email IDs from the register function (
  2. Create an account of your own ( which you have access to on Gmail
  3. Log in with and update your email to
  4. You could call it ATO as well (hahahhaaha); the malfunctioning part is that it updates everything to the main email.
  5. Passwords for the hacker and the victim are qazwsx and qwerty respectively.
  6. The victim can log in using qwerty and also qazwsx (misconfiguration).
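The flaw in the steps above is an email-change path with no uniqueness or ownership check, so two rows end up carrying the victim's address and a login keyed on email accepts either owner's password. As an added illustration (not the author's code, and not the affected site's), the toy store below reproduces that behaviour beside a hardened version that keeps a unique email index and only applies a change after a token sent to the new address comes back; the store, user ids and example.com addresses are constructed, the two passwords are the ones from the write-up.

```python
import hashlib
import secrets

def _digest(pw, salt):  # PBKDF2 keeps the demo dependency-free; use argon2/bcrypt in production
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 50_000)

class VulnerableStore:
    """Email is just a column: the update path checks neither uniqueness nor ownership."""
    def __init__(self):
        self.rows = []  # index = user id; each row holds email, salt, hash
    def register(self, email, pw):
        salt = secrets.token_bytes(16)
        self.rows.append({"email": email, "salt": salt, "hash": _digest(pw, salt)})
        return len(self.rows) - 1
    def update_email(self, uid, new_email):
        self.rows[uid]["email"] = new_email  # silently creates a second row with the victim's address
    def login(self, email, pw):
        # any row carrying this email is accepted, so either owner's password opens a session
        for row in self.rows:
            if row["email"] == email and secrets.compare_digest(row["hash"], _digest(pw, row["salt"])):
                return email
        return None

class HardenedStore(VulnerableStore):
    """Unique email index plus a two-step change that must be confirmed from the new address."""
    def __init__(self):
        super().__init__()
        self.by_email, self.pending = {}, {}  # email -> uid, token -> (uid, new_email)
    def register(self, email, pw):
        if email in self.by_email:
            raise ValueError("email already in use")
        self.by_email[email] = uid = super().register(email, pw)
        return uid
    def update_email(self, uid, new_email):
        if new_email in self.by_email:  # collision rejected before anything is touched
            raise ValueError("email already in use")
        token = secrets.token_urlsafe(16)  # would be mailed to new_email only
        self.pending[token] = (uid, new_email)
        return token
    def confirm_email_change(self, token):
        uid, new_email = self.pending.pop(token)
        if new_email in self.by_email:  # re-check: the address may have been taken meanwhile
            raise ValueError("email already in use")
        del self.by_email[self.rows[uid]["email"]]
        self.rows[uid]["email"] = new_email
        self.by_email[new_email] = uid
    def login(self, email, pw):
        uid = self.by_email.get(email)  # unique index: at most one candidate row
        row = self.rows[uid] if uid is not None else None
        return email if row and secrets.compare_digest(row["hash"], _digest(pw, row["salt"])) else None
```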



Aditya Shende


#kongsec | Solo Bounty Hunter | Function Exploits and Report Crafting | Bikes | Not a XSS guy | Own views | Bugcrowd Top 100 l Top 10 P1 warriors | Biker