web · Pro · medium
Lab 118 — FlowDesk — Predictable Password Reset Token
hackadvisor
Task: FlowDesk, a project management SaaS, has a password reset feature whose reset tokens are generated as MD5(unix_timestamp). Solution: triggered a reset for my own account, confirmed from the local mailbox that the token equals MD5(timestamp), predicted the admin's reset token from the request timestamp, took over the admin account, and retrieved the flag from the admin settings.
Tags / techniques: admin_account_takeover, timestamp_based_token_prediction, md5_hash_reversal, local_mailbox_inspection
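As an added illustration (not code from the FlowDesk lab or from hackadvisor's writeup), the token scheme the summary describes next to a hardened replacement: a random token whose hash is stored server-side with an expiry, verified in constant time and consumed on first use. The `store` dict, the TTL and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed example: the flaw in the summary is that the reset token is a
# pure function of a public, second-granular input, so it is reproducible.
def weak_reset_token(unix_ts: int) -> str:
    """Token = MD5(unix_timestamp): anyone who knows roughly when the reset
    was requested can recompute it. Kept here only to show the contrast."""
    return hashlib.md5(str(unix_ts).encode()).hexdigest()

# Hardened design (assumed API, not FlowDesk's): the secret is unpredictable,
# only its hash is persisted, it is bound to the account, expires, and is
# single use. 15 minutes is a typical reset-link lifetime.
TOKEN_TTL_SECONDS = 15 * 60

def issue_reset_token(store: dict, user_id: str, now=None) -> str:
    """Return a 256-bit random token to email; persist only its SHA-256."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # CSPRNG, not derived from anything public
    digest = hashlib.sha256(token.encode()).hexdigest()
    store[user_id] = {"digest": digest, "expires": now + TOKEN_TTL_SECONDS}
    return token

def verify_reset_token(store: dict, user_id: str, presented: str, now=None) -> bool:
    """True only for the unexpired, unused token issued to this user."""
    now = int(time.time()) if now is None else now
    record = store.get(user_id)
    if record is None or now > record["expires"]:
        return False
    digest = hashlib.sha256(presented.encode()).hexdigest()
    # Constant-time comparison so response timing leaks nothing about the digest.
    ok = hmac.compare_digest(digest, record["digest"])
    if ok:
        del store[user_id]  # single use: a replayed link must fail
    return ok
```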