Skip to content

Instantly share code, notes, and snippets.

@fir3storm

fir3storm/CWE Control Panel - Password Recovery Bypass.md

Created September 14, 2023 17:40
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
CWP Web Control Panel "Recover Password" component bypass
Raw
CWE Control Panel - Password Recovery Bypass.md
  1. Visit the CWP Control Panlel url :
  2. Enter a valid username and any email address (here the attacker will put his email id) Capture the request in Burp Suite

image image Click Forward In the next intercept, change the value "0" to "1" image image

Forward the request image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment