In the name of God, and blessings and peace be upon our Prophet, the striving martyr.
Hello Hunters! I’m Abdelrahman (A0xtrojan), and I’m excited to share my write-up with you on a public program.
“My friend 0xkarim and I discovered a Broken Access Control vulnerability that could allow unauthorized access to restricted resources.” So let us start :)
$tep 1: The first step is to create two accounts, one named Admin and the other User.
$tep 2: I noticed that I could add my employees via email and control their name, mobile number, and time zone.
$tep 3: I sent an invitation to an employee (user) via email.
$tep 4: I went to the user account and could not change any of my information as an employee.
$~ Intercept the profile update request using Burp Suite.
Booooooooooooooom! Observe that the profile name updates successfully.
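The root cause here is that the UI hides the edit form from the employee account, but the server never checks who is allowed to update the employee record. The following is an added example (not code from the program or this write-up) of that missing object-level authorization check: a hypothetical employee-profile update handler in its vulnerable form next to a hardened one, with constructed sample data.

```python
"""Added example: server-side authorization for the employee-profile update.
Hypothetical model: an admin (employer) invites employees and owns their records;
the employee's own login must not be able to change name/mobile/timezone by
replaying the update request the UI does not expose to them."""
from dataclasses import dataclass


@dataclass
class Employee:
    id: int
    employer_id: int   # admin account that invited this employee (record owner)
    account_id: int    # the employee's own login account
    name: str
    mobile: str
    timezone: str


@dataclass
class Session:
    user_id: int
    role: str          # "admin" or "user" (employee)


EDITABLE = {"name", "mobile", "timezone"}   # fields an employer may set


def make_sample_db():
    """Constructed sample data: admin 1 invited employee record 42 (login 7)."""
    return {42: Employee(42, employer_id=1, account_id=7,
                         name="Employee One", mobile="+000000", timezone="UTC")}


def handle_update_vulnerable(db, session, employee_id, changes):
    """Vulnerable pattern: only 'is the caller logged in?' is checked, so a replayed
    request from the employee's session changes the record (returns 200)."""
    if session is None:
        return 401
    emp = db.get(employee_id)
    if emp is None:
        return 404
    for key, value in changes.items():
        if key in EDITABLE:
            setattr(emp, key, value)
    return 200


def handle_update_hardened(db, session, employee_id, changes):
    """Hardened: object-level authorization on every request, independent of the UI.
    Only the admin who owns (invited) the record may edit it; only allow-listed fields."""
    if session is None:
        return 401
    emp = db.get(employee_id)
    if emp is None:
        return 404
    if session.role != "admin" or emp.employer_id != session.user_id:
        return 403   # employee's own session, or a different employer, is rejected
    if set(changes) - EDITABLE:
        return 400   # unknown fields are rejected rather than silently ignored
    for key, value in changes.items():
        setattr(emp, key, value)
    return 200
```

The status codes are returned rather than raised so the two handlers can be compared directly on the same replayed request.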
I submitted a report on the vulnerability, but after it was triaged it was marked as a duplicate. Still, an opportunity will come.
Thank you for your time reading my write-up. I will publish the next vulnerability soon :) and I hope you will share, like and support my write-ups :) Stay safe.