
How to find uncommon bugs via manual testing

3 years ago

How to find uncommon bugs via manual testing. (thread)
1. There are two types of users, admin and normal user.
2. The admin user has functionality to edit comments, while the normal user does not.
3. Capture an admin request to modify a comment, replace the session token with that of the normal user, and VOILA: the comment has been edited successfully.
4. I've made a video in which I go into a detailed description of this bug. youtube.com/watch?v=Ho2G4fjwBQ0
5. Like, retweet, and follow me @cristivlad25 for more posts like this. #appsec #infosec #cybersecurity #pentesting #bugbounty
🇷🇴 cristi

@CristiVlad25
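
The behaviour in steps 1 to 3 means the edit endpoint accepts any valid session and never checks the caller's role on the server. As an added example (not from the original thread), the sketch below models such a handler with and without the role check and replays the same edit request under each token, which is also how a regression test for the fix can be written; the tokens, users, and function names are constructed for illustration.

```python
# Added illustration: sessions, comments, and handler names are all hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    role: str  # "admin" or "user"

# Constructed sample data: session token -> authenticated session
SESSIONS = {
    "tok-admin": Session("alice", "admin"),
    "tok-user": Session("bob", "user"),
}

def new_store():
    return {1: "original comment"}

def edit_comment_vulnerable(store, token, comment_id, text):
    """Checks only that the token is a valid session (authentication)."""
    session = SESSIONS.get(token)
    if session is None:
        return 401
    # Missing: no check that this session's role may edit comments.
    store[comment_id] = text
    return 200

def edit_comment_hardened(store, token, comment_id, text):
    """Authenticates, then authorizes the action server-side before acting."""
    session = SESSIONS.get(token)
    if session is None:
        return 401
    if session.role != "admin":
        return 403  # valid session, but the role lacks the edit permission
    if comment_id not in store:
        return 404
    store[comment_id] = text
    return 200

def authz_matrix(handler):
    """Replay one edit request under each token; return (status, final text) per token."""
    results = {}
    for token in ("tok-admin", "tok-user", "tok-invalid"):
        store = new_store()
        status = handler(store, token, 1, "edited")
        results[token] = (status, store[1])
    return results

if __name__ == "__main__":
    for h in (edit_comment_vulnerable, edit_comment_hardened):
        print(h.__name__, authz_matrix(h))
```

The assertion worth keeping in a test suite is the normal-user row: the status must be 403 and the stored comment must be unchanged.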