writeups.xyz / API Endpoint leads to Account Takeover In Android Application

Submitter : c2a

Date: 28 June 2020

Bounty : undisclosed

Vulnerabilities :

• Exposed Token Generation Endpoint
• Information Disclosure

Programs :

• Undisclosed

Authors :

• Adesh Nandkishor Kolte (@AdeshKolte)

Link :
https://web.archive.org/web/20200629033551/https://blogs.ad3sh.com/2020/06/api-endpoint-leads-to-account-takeover.html