Misconfiguration in Change-password Functionality Leads to Account Takeover
Hello everyone,
We are Mahmoud Radwan and Mahmoud Samaha (0x2m) and this is our first Write-Up ever.
This Write-Up describes How we could Takeover any account on a site using some misconfigurations in Change-Password Functionality.
We were testing a private program so let’s call it site.com, …
