Admin Account Takeover #3
Unanswered
amanhasan01
asked this question in
Bug-report
Hello Team,
I am writing to inform you of a serious security issue I encountered while exploring your website.
As a regular user, I visited your signup and login page:
🔗 URL: https://app.paymefin.tech/login
After creating an account to explore the platform’s features and functionalities, I attempted to log in using my newly created credentials. However, instead of being logged into my own account, I was granted access to the CEO’s account with full administrative privileges.
Here is the video PoC link:
https://drive.google.com/file/d/18fnWO95ZSbeUVrfV6ZEfU-klqN9qPTt2/view?usp=drive_link