RECON, EXPLOIT - Coggle Diagram
RECON
Feature
Forgot password
Account Takeover
Registration
phone number enumeration
otp bypass
wrong PIN limit bypass
Authentication bypass
session management attacks
Data validation bypass
Access control issue
Profile
Delete account
Edit profile
upload file/img
EXPLOIT
Access control
Vertical
Horizontal
LOGIN
AUTH
OTP blocked for 1 hour after 3 wrong attempts
'resend otp key' is unique
sending default is via "wa"
editing parameter to "sms"
JWT
accepting token with no signature
edit path
edit sub/username
remove signature
edit alg : "none"
parameter payload
edit sub/username
parameter header
edit alg : "none"
parameter signature
remove signature