Hostgator is one of the biggest hosting service providers in the world, but it still had a critical issue that let us hack into any Hostgator account with just a click, i.e., CSRF.
How I Hacked Your Bluegape Account
So, while signing up on the website through social media (Facebook), I found that a lot of requests were being made to the site carrying the registered user's details from Facebook, such as name, profile link, Facebook profile image, username, password, accessToken, gender, email, etc.
So, just for fun, I changed all the info to Mark Zuckerberg's information and it was all accepted. Then I went to the site and saw that the username field was disabled and I was unable to set it, so I went back to the request and changed the username to "zuck", and boom, it worked. Then I saw there was another parameter, _id, but it was encrypted, so I just created another account, got its id, replaced the info, and I was able to take over another account.
ProtonMail Vulnerability : Bypassing Invitation
ProtonMail is a secure encrypted email provider, which runs a "zero access" PGP mail service based in Switzerland.
ProtonMail doesn't allow direct signup; they only accept users through invitation.
I had also signed up for ProtonMail to see the UI and everything, and got their invitation. I checked for some vulnerabilities and couldn't find anything from the inside. Then I went through the invitation link with which I was registered.