Account Takeover Due to No Rate Limiting

The Story of Taking Over Tons of Users' Accounts

Account Takeover

For Google Dorks

sign_in options
Request OTP
OTP Verify
Intercepted OTP verify request
Payload options
Request Engine config
OTP Brute Forced
Account updates
Login with attacker mobile number
Logged in to victim account
