A bug bounty write-up detailing an email verification bypass discovered in a real-world web application. By registering with one email, then changing it to a victim's email before verifying, the attacker could use the original verification link to create an account tied to an unverified email address. The root cause is that the system fails to invalidate the original token when the email is changed. The vulnerability enables impersonation, account squatting, and abuse of business workflows. The write-up covers the discovery steps, exploitation scenario, root cause analysis, and recommended fixes.
Sort: