writeups.xyz / Chaining password reset link poisoning, IDOR, and information leakage to achieve account takeover at api.redacted.com

Submitter : c2a

Date: 10 November 2020

Bounty : undisclosed

Vulnerabilities :

HTTP Header Injection

Programs :

Undisclosed

Authors :

Jadek Mark (@Mase289)

Link :
https://medium.com/bugbountywriteup/chaining-password-reset-link-poisoning-idor-account-information-leakage-to-achieve-account-bb5e0e400745