IDOR via WebSockets allowed me to take over any user's account

  1. Always play with the login, signup, and change-info functionality. There is always something there for you.
  2. In this program, 40+ hackers were invited, but they didn't find it because, I think, most hackers don't look at WebSockets. So check everything, because you never know where you will find the bug.
  3. Be creative. As you can see, I changed the UUID and got an error because I had not changed the email as well, so spend more time on it.
  4. It is so easy to find a critical bug; you don't need a Ph.D. xD. Learn one bug class and spend a lot of time with the program.
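To make the bug class concrete, here is an added example that is not code from the original post or from the affected program. It models a WebSocket "update account" handler in plain Node.js with an in-memory user store: the vulnerable version takes the account UUID and email from the JSON frame the client sends (with the email cross-check the write-up ran into), and the fixed version takes identity only from the connection state set at the handshake. The UUIDs, emails, field names (`uuid`, `email`, `newPassword`) and error strings are assumptions, and no real socket is opened.

```javascript
// Added example, not code from the original post or the target program.
// Models a WebSocket handler that takes the account identifier from the
// message body instead of from the connection's authenticated session.
// UUIDs, emails and field names below are constructed for illustration.

const VICTIM_ID = '00000000-0000-4000-8000-000000000001';   // constructed
const ATTACKER_ID = '00000000-0000-4000-8000-000000000002'; // constructed

// Fresh in-memory user store so every scenario starts from the same state.
function makeUsers() {
  return new Map([
    [VICTIM_ID, { email: 'victim@example.com', password: 'victim-pass' }],
    [ATTACKER_ID, { email: 'attacker@example.com', password: 'attacker-pass' }],
  ]);
}

// Per-connection state the server set at the WebSocket handshake after
// validating the session cookie or token. This is the only trustworthy identity.
function makeConnection(userId) {
  return { userId };
}

// Vulnerable handler: identity comes from the JSON frame the client sent.
// The email check is the "error" the write-up mentions: swapping only the UUID
// fails, swapping UUID and email together succeeds.
function handleUpdateVulnerable(users, conn, msg) {
  const user = users.get(msg.uuid);
  if (!user) return { error: 'unknown user' };
  if (user.email !== msg.email) return { error: 'email mismatch' };
  user.password = msg.newPassword;
  return { ok: true, uuid: msg.uuid };
}

// Fixed handler: identity comes from the connection, never from the payload.
// A uuid in the payload that disagrees with the session is rejected outright
// (a silent override would hide tampering from the logs).
function handleUpdateFixed(users, conn, msg) {
  if (!conn.userId) return { error: 'unauthenticated' };
  if (msg.uuid !== undefined && msg.uuid !== conn.userId) return { error: 'forbidden' };
  const user = users.get(conn.userId);
  if (!user) return { error: 'unknown user' };
  user.password = msg.newPassword;
  return { ok: true, uuid: conn.userId };
}

// Replays the attacker's two frames against one handler, on a connection
// authenticated as the attacker, and reports what happened to the victim.
function runScenario(handler) {
  const users = makeUsers();
  const attackerConn = makeConnection(ATTACKER_ID);

  // Frame 1: only the UUID swapped, email left as the attacker's own.
  const uuidOnly = handler(users, attackerConn, {
    uuid: VICTIM_ID, email: 'attacker@example.com', newPassword: 'pwned',
  });
  // Frame 2: UUID and email both set to the victim's values.
  const uuidAndEmail = handler(users, attackerConn, {
    uuid: VICTIM_ID, email: 'victim@example.com', newPassword: 'pwned',
  });

  return {
    uuidOnly,
    uuidAndEmail,
    victimPassword: users.get(VICTIM_ID).password,
  };
}

console.log('vulnerable:', JSON.stringify(runScenario(handleUpdateVulnerable)));
console.log('fixed:     ', JSON.stringify(runScenario(handleUpdateFixed)));
```

When testing a real target, the same replay is done by hand in the browser devtools Network tab or a WebSocket-aware proxy: capture the change-info frame, resend it with another account's identifiers, and then, if the first attempt errors out, change every field the server might cross-check against that identifier rather than giving up after one mismatch.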
