writeups.xyz / chaining improper authentication to idor and no rate limit for mass account takeover

Submitter : c2a

Date: 12 November 2021

Bounty : undisclosed

Vulnerabilities :

• Account Takeover
• Lack of Rate Limiting
• CSRF
• IDOR

Programs :

• Undisclosed

Authors :

• Mohit (@Mohit29295572)

Link :
https://tox7cv3nom.github.io/2021/11/12/chaining-of-csrf-token-misconfiguration-and-no-rate-limit-leads-to-mass-account-takeover.html