Password Reset Vulnerability in etsy.com
Title : Password Reset Vulnerability in etsy.com Vuln URL : https://www.etsy.com/confirm.php?email= Author : Yogesh D Jaygadkar Reported : December 30, 2012 Fixed : December 30, 2012 Public Released : Jan 08, 2013 Description : In etsy.com, when users reset their password, they receives password reset link which is as below. https://www.etsy.com/confirm.php?email=[User Email ID]&code=[Token code]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1 When I received this mail, I started playing with this link. I noticed that token is not getting validated from server side. So I removed it & tested with my own id. Final POC : https://www.etsy.com/confirm.php?email=[victim user's email ID]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1 And Password changed successfully. Finally I