Typefully
@CristiVlad25
When you know how to read code, you have superpowers. Don't be a script kiddie!👇
2 years ago
When you know how to read code, you have superpowers. Don't be a script kiddie!👇 (mass account takeover writeup)
1. By reading JS code, @by6153 was able to log in to anyone's account without credentials.
2. Then he learned that "/admin/dashboard" was accessible to authenticated users but didn't check whether the user was an admin or a normal user.
3. Then, from the "User Management" section, he was able to create admin accounts.
4. Read the full write-up here: z-sec.co/mass-account-takeover
#pentesting #appsec #infosec #cybersecurity #hacking #bugbountytips #bugbounty #ethicalhacking
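The missing check from steps 2 and 3, shown next to a corrected one, as an added example that is not part of the original thread or the linked write-up. Only "/admin/dashboard" comes from the thread; the session store, role names, "/account/" prefix and "/admin/users" route are assumptions made for illustration.

```javascript
// Added example: "/admin/dashboard" is from the thread; the session shape,
// role names and the user-management route path are assumptions.

// Server-side session store (constructed sample data). The role is
// looked up here, never taken from a request body, cookie or client JS state.
const sessions = new Map([
  ["sess-user", { userId: 101, role: "user" }],
  ["sess-admin", { userId: 1, role: "admin" }],
]);

// Deny-by-default policy: each protected prefix lists the roles allowed.
const policy = [
  { prefix: "/admin/", roles: ["admin"] },
  { prefix: "/account/", roles: ["user", "admin"] },
];

// Flawed check, as described in step 2: any valid session passes,
// and the requested path is never consulted.
function authenticatedOnly(sessionId, path) {
  return sessions.has(sessionId) ? 200 : 401;
}

// Corrected check: authenticate first, then authorize against the policy.
function authorize(sessionId, path) {
  const session = sessions.get(sessionId);
  if (!session) return 401; // not logged in
  // Normalize so "/admin/../admin/users" and "/ADMIN/users" hit the same rule.
  const normalized = new URL(path, "http://placeholder.invalid").pathname.toLowerCase();
  const rule = policy.find((r) => normalized.startsWith(r.prefix));
  if (!rule) return 403; // route with no rule: deny by default
  return rule.roles.includes(session.role) ? 200 : 403;
}

// Creating an account with a role is itself a privileged action: the
// caller's role is re-checked and the requested role is allow-listed.
function createUser(sessionId, newUser) {
  if (authorize(sessionId, "/admin/users") !== 200) return { status: 403 };
  if (!["user", "admin"].includes(newUser.role)) return { status: 400 };
  return { status: 201, user: { name: newUser.name, role: newUser.role } };
}
```

A regression test that requests every admin route with a normal user's session and expects 403 catches this class of bug before release.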