How signing up for an account with an @company.com email can have unexpected results

I really didn’t fancy social engineering a phone company to take over that mobile number. Tip: don’t rely on 2FA via SMS.
  • Sign up using a *@organisation.com email.
  • Click “Claim” on organisation.
  • Change email to one we control & press submit.
  • Change email back to *@organisation.com and click link.
  • We’re in! :)
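
The steps above only work if the verification link stays valid after the account's email is changed again. The post does not state the root cause, so the following is an added example, not code from the original post or the affected site: it assumes the link's token identified the account but not the address it was mailed to, and shows that scheme next to one that binds the token to the address. All names, addresses and the key are constructed for the demo.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value, demo only
ORG = "someone@organisation.example"   # constructed addresses
OWN = "tester@mailbox.example"


class Account:
    def __init__(self, email):
        self.email = email          # current address, may be unverified
        self.verified_email = None  # set only when a link is confirmed


def _mac(*parts):
    return hmac.new(SECRET, "\x00".join(parts).encode(), hashlib.sha256).hexdigest()


def issue_weak(account_id, email):
    # Weak: the token names the account but not the address it is mailed to.
    return _mac("verify", account_id)


def confirm_weak(acct, account_id, token):
    if not hmac.compare_digest(token, _mac("verify", account_id)):
        return False
    acct.verified_email = acct.email  # trusts whatever address is set now
    return True


def issue_bound(account_id, email):
    # Hardened: the destination address is part of the MAC input.
    return _mac("verify", account_id, email.lower())


def confirm_bound(acct, account_id, token):
    if not hmac.compare_digest(token, _mac("verify", account_id, acct.email.lower())):
        return False  # link was issued for a different address
    acct.verified_email = acct.email
    return True


def replay_steps(issue, confirm):
    """Replay the listed steps against one scheme; return the verified address."""
    acct = Account(ORG)           # sign up with the organisation address
    acct.email = OWN              # change email and submit: link mailed to OWN
    token = issue("u1", acct.email)
    acct.email = ORG              # change the email back
    confirm(acct, "u1", token)    # click the link received at OWN
    return acct.verified_email
```

With the weak scheme the organisation address ends up verified without its mailbox ever receiving a link; with the bound scheme the same sequence verifies nothing. Invalidating outstanding tokens on every email change closes the same gap.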

UK WebApp Security Researcher. Creator of BugBountyHunter— designed to help people learn and get involved with hacking. zseano.com & bugbountyhunter.com

Sean (zseano)