Last active
January 29, 2020 16:56
-
-
Save D4r3-D3v1L/c06dd703be23de44e9239dcffe9e3d6a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| **An Attacker can Delete any Victims account with your Helpdesk** | |
| Here Attacker can make a request to delete victims account through this form Behalf of Victim | |
| By this any one can delete victims account by using your contact us (Helpdesk) | |
| IMPACT: | |
| Account Deletion of Any Account | |
| STEPS: | |
| **** | |
| Go to https://ask.stashinvest.com/contact/ and Go to Ask Question and Go to Contact and Now Submit your Question as Delete my account with the Victim mail | |
| It will take atleast 15 day or less to remove the account | |
| **** | |
| Proof Of Concept: | |
| Recommendation fix: | |
| Critical actions like close account should be verify by sending PIN code to user email and asks him to reply back the code again. | |
| Thank You | |
| Best regards, | |
| d4r3_d3v1l_ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment