Naresh LamGadeHostgator is one of the biggest hosting service provider in the world but still it had some critical issue which let us to hack into any hostgator accounts with just a click i.e, CSRF.
How I Hacked Your Bluegape Account
So, while making a signup on the website through the social media ( Facebook ) I found that lot of requested were being made on the site regarding the registered user from Facebook like names, profile link , fb profile image, username, password, accessToken, Gender, email etc.
so just for a fun I changed all info to Mark Zuckerberg information and it was all accepting and then I suddenly went to the site and saw that username field is disabled and I was unable to make it then I went back to the request and change the username to “zuck” and it was like boom it worked. Then I saw there was another parameter _id but it was encrypted so I just created another account and got it’s id and replaced the info and I was able to take over another account.
ProtonMail Vulnerability : Bypassing Invitation
ProtonMail is a secure encrypted email provider, which runs a “zero access” PGP mail service based in Switzerland. (Read More)
Since, ProtonMail doesn’t allow direct signup and they only accept the user through the invitation.
I had also signed up for ProtonMail to see the UI and all the things & go their invitation. I checked for some vulnerabilities and couldn’t find anything from the inside. Then I suddenly went through the invitation link which I was registered.