Hi Bro,
I will share my findings about the Dominos bug: changing the login email without verification.
Steps:
1. Open dominos.co.id
2. Log in to your account
3. Go to My Account
4. Open Burp Suite -> click Intercept
5. Back in My Account on Dominos -> click Save
6. Check Burp Suite, search for Content-Disposition: form-data; name="email" (change the email to the victim's / a random one)
7. Click Forward in Burp Suite
8. Your email has been replaced with the victim's email you entered
Impact: can change the email without verification, and can replace anyone's email, including the company's own.
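One way to close this on the server side, as an added example that is not from the original report or from Dominos' code: the "Save" request only records a pending change, and the login email switches only after the link mailed to the new address is confirmed by the same account. `AccountStore`, its method names, the `password_ok` flag and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a confirmation link stays valid (assumed policy)


class AccountStore:
    """In-memory stand-in for the user table (constructed for this example)."""

    def __init__(self):
        self.emails = {}   # user_id -> verified login email
        self.pending = {}  # sha256(token) -> (user_id, new_email, expires_at)

    def request_email_change(self, user_id, new_email, password_ok, now=None):
        """Handle the profile 'Save' request: never write the email directly."""
        now = time.time() if now is None else now
        new_email = new_email.strip().lower()
        if not password_ok:  # re-authenticate before a sensitive change
            raise PermissionError("re-authentication required")
        if new_email in self.emails.values():  # address belongs to an account already
            raise ValueError("email already in use")
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (user_id, new_email, now + TOKEN_TTL)
        return token  # mailed to new_email only; login email is still unchanged

    def confirm_email_change(self, session_user_id, token, now=None):
        """Apply the change only when the link from the new mailbox is presented."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.get(digest)
        if entry is None or entry[0] != session_user_id:
            return False  # unknown token, or token issued to a different account
        del self.pending[digest]  # single use from here on
        _, new_email, expires_at = entry
        if now > expires_at or new_email in self.emails.values():
            return False  # expired, or address was claimed while pending
        self.emails[session_user_id] = new_email
        return True
```

Only the SHA-256 digest of the token is stored, so a read of the pending table does not yield usable confirmation links.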
Report timeline:
- Bug reported (6 March 2020)
- Dominos: responded "low impact" (23 March 2020) & bug not fixed