IDOR via WebSockets allowed me to take over any user's account

  1. Always play with the login, signup, and change-info functionality. There is always something there for you.
  2. In this program, 40+ hackers were invited, but they didn't find it because, I think, most hackers don't look at WebSockets. So check everything, because we never know where we will find the bug.
  3. Be creative. As you can see, I changed the UUID and got an error because I had not changed the email, so spend more time on it.
  4. It is so easy to find a critical bug; you don't need a Ph.D. xD. Learn one bug and spend lots of time with the program.
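The pattern behind tip 3, as an added example that is not code from the original post or from the affected program: a WebSocket message handler that looks up the target account by the uuid (and email) carried in the client's message instead of by the identity the server bound to the socket. The message format, the field names `uuid`, `email` and `changes`, the `Session` class and the in-memory account store are all assumptions made for illustration; the post does not publish the real protocol. The vulnerable handler reproduces the behaviour the tip describes (swapping only the uuid yields an error, swapping uuid and email together succeeds), and the hardened handler beside it shows the fix: derive the account from the server-side session and never from the message.

```python
"""Added example, not from the original post: IDOR in a WebSocket-style
message handler, vulnerable form beside the hardened form.

All names, the JSON message shape and the account data are assumptions
constructed for this illustration."""
import copy
import json
from typing import Callable, Dict

# Constructed in-memory account store, keyed by the account UUID.
_BASE_ACCOUNTS: Dict[str, Dict[str, str]] = {
    "1111-attacker": {"email": "attacker@example.com", "phone": "+10000000001"},
    "2222-victim":   {"email": "victim@example.com",   "phone": "+10000000002"},
}


def fresh_accounts() -> Dict[str, Dict[str, str]]:
    """Return a private copy of the store so each run starts clean."""
    return copy.deepcopy(_BASE_ACCOUNTS)


class Session:
    """Identity the server bound to the socket when the WebSocket upgrade
    was authenticated (e.g. from the session cookie).  Assumed shape."""
    def __init__(self, uuid: str) -> None:
        self.uuid = uuid


def vulnerable_handler(session: Session, raw: str, accounts: Dict) -> dict:
    """Trusts the uuid in the message.  Its only check is that the uuid/email
    pair matches an existing record: a consistency check, not an authorization
    check, so a client that knows a victim's uuid AND email can edit that
    victim's account.  `session` is ignored, which is the bug."""
    msg = json.loads(raw)
    acct = accounts.get(msg["uuid"])
    if acct is None or acct["email"] != msg["email"]:
        # This is the "error" seen when only the uuid was swapped.
        return {"status": "error", "reason": "uuid/email mismatch"}
    acct.update({k: v for k, v in msg["changes"].items() if k in acct})
    return {"status": "ok", "uuid": msg["uuid"]}


def hardened_handler(session: Session, raw: str, accounts: Dict) -> dict:
    """Derives the target account from the server-side session.  A uuid in
    the message is tolerated only if it equals the session's own and is never
    used for the lookup; the email field is not consulted at all."""
    msg = json.loads(raw)
    if msg.get("uuid") not in (None, session.uuid):
        return {"status": "error", "reason": "forbidden"}
    acct = accounts[session.uuid]
    acct.update({k: v for k, v in msg["changes"].items() if k in acct})
    return {"status": "ok", "uuid": session.uuid}


def run_demo(handler: Callable[[Session, str, Dict], dict]) -> dict:
    """Replay the three messages an attacker session would send and report
    each outcome plus the victim's final email, so both handlers compare."""
    accounts = fresh_accounts()
    attacker = Session("1111-attacker")
    # Legitimate edit of the attacker's own profile (constructed message).
    own = json.dumps({"uuid": "1111-attacker", "email": "attacker@example.com",
                      "changes": {"phone": "+19999999999"}})
    # Tip 3, first attempt: uuid swapped to the victim's, email not yet swapped.
    uuid_only = json.dumps({"uuid": "2222-victim", "email": "attacker@example.com",
                            "changes": {"email": "evil@example.com"}})
    # Tip 3, second attempt: uuid and email both swapped to the victim's.
    both = json.dumps({"uuid": "2222-victim", "email": "victim@example.com",
                       "changes": {"email": "evil@example.com"}})
    return {
        "own": handler(attacker, own, accounts)["status"],
        "uuid_only": handler(attacker, uuid_only, accounts)["status"],
        "both": handler(attacker, both, accounts)["status"],
        "victim_email": accounts["2222-victim"]["email"],
    }


if __name__ == "__main__":
    print("vulnerable:", run_demo(vulnerable_handler))
    print("hardened:  ", run_demo(hardened_handler))
```

With the vulnerable handler the third message rewrites the victim's email to an attacker-controlled address, which is the usual path from an IDOR on a profile-update message to a full account takeover via password reset. With the hardened handler the same message is refused and the victim's record is untouched. The general rule the example illustrates: anything that identifies whose data a WebSocket message touches must come from the server-side session established at the upgrade, never from the message body, and a "does this uuid go with this email" check does not substitute for that.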

https://twitter.com/tabaahi_

Mohsin khan