OTP Verification Bypass via Response Manipulation on Email Change Authentication Flow
Click to read the full walkthrough.
Bug
Price Manipulation via Client-Side Parameter Tampering
Click to read the full walkthrough
Exposed Unrestricted Google API Key in Client-Side: JavaScript Allows Unauthorized API Abuse
Click to read the full walkthrough.
IDOR - Unauthorized User Profile Update via Customer ID Manipulation
Click to read the full walkthrough
Account Takeover via Password Reset Token Misconfiguration
Click to read the full walkthrough.