Misconfiguration in Change-password Functionality Leads to Account Takeover Hello everyone, We are Mahmoud Radwan and Mahmoud Samaha (0x2m) and this is our first Write-Up ever. This Write-Up describes How we could Takeover any account on a site using some misconfigurations in Change-Password Functionality. We were testing a private program so let’s call it site.com, …