Title: Unveiling the Trio: IDOR, Account Takeover and Account Enumeration
Subtitle: A Journey into Bug Bounty Hunting and the Quest for Security
---
**Introduction:**
Hello friends, my name is Raghav and I am a security researcher. Let's go. In the vast realm of cybersecurity, every vulnerability uncovered is a step towards fortifying digital landscapes. Join me, Raghav, on a thrilling exploration as I unveil three critical vulnerabilities lurking within the depths of redacted.com. I divided this into chapters.
---
**Chapter 1: The Bug Bounty Resurgence:**
Embarking on a new bug bounty hunting adventure, I reflect on past endeavors marked as P5. Determined to make a difference, I set out to probe redacted.com for potential weaknesses.
---
**Chapter 2: The Reset Link Conundrum:**
Discovering a subtle CSRF vulnerability in the reset link, I delve into the intricacies of its exploitation. While the user interaction required mitigates its severity, the journey into sub.redacted.com reveals a hidden doorway to account takeover.
---
**Chapter 3: Unmasking Subdomains with getallurls:**
Armed with the potent getallurls tool, I navigate through the subdomains of redacted.com. The scan yields little, but a careful exploration uncovers a treasure trove: sub.redacted.com/email-verification/example.outlook.com. A seemingly innocent link becomes the gateway to account takeover without a password.
---
**Chapter 4: CSRF in the Shadows:**
The persistence of CSRF rears its head again, this time within the realms of password reset links. A deeper dive into the unchecked expiration of links opens doors to account enumeration and the revelation of real user email addresses.
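For defenders, here is an added example (not code from redacted.com or from this write-up) of the server-side controls whose absence Chapters 3 and 4 describe: reset tokens that expire, work only once, identify the account themselves instead of trusting an email address in the URL, and a request endpoint that answers identically for known and unknown addresses. The class, names, and 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed token lifetime, in seconds
GENERIC_REPLY = "If that address is registered, a reset link has been sent."


def _digest(token):
    # Only a hash of the token is stored, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    """Hypothetical in-memory reset flow; names are illustrative only."""

    def __init__(self, users, clock=time.time):
        self.users = users    # email -> credential (constructed stand-in store)
        self.tokens = {}      # sha256(token) -> (email, expires_at)
        self.outbox = []      # stands in for the outgoing mail queue
        self.clock = clock

    def request_reset(self, email):
        # Same reply body for known and unknown addresses, so the
        # response cannot be used to confirm that an account exists.
        if email in self.users:
            token = secrets.token_urlsafe(32)
            self.tokens[_digest(token)] = (email, self.clock() + TOKEN_TTL)
            self.outbox.append((email, token))
        return GENERIC_REPLY

    def redeem(self, token, new_credential):
        # pop() makes the token single use, whether or not it is still valid.
        record = self.tokens.pop(_digest(token), None)
        if record is None:
            return False
        email, expires_at = record
        if self.clock() > expires_at:
            return False      # expiry is enforced on every redemption
        # The account comes from the stored record, never from a
        # caller-supplied email in the path or query string.
        self.users[email] = new_credential
        return True
```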
---
**Chapter 5: Impact and Ramifications:**
Unraveling the potential consequences of these vulnerabilities, I explore the ripple effect on redacted.com's security posture. From account takeovers to exposed email addresses, the stakes are high.
---
**Chapter 6: Responsible Disclosure and Collaboration:**
In the spirit of ethical hacking, I discuss the importance of responsible disclosure. Collaboration with redacted.com's security team becomes pivotal in safeguarding user data and fortifying the platform against future threats.
---
**Conclusion:**
As the dust settles, the journey through redacted.com's vulnerabilities highlights the dynamic landscape of bug bounty hunting. Every exploit discovered is a call to action for improved cybersecurity practices, fostering a safer digital environment for all.
---
**Acknowledgments:**
A nod to the world of bug bounty hunters, security researchers, and the collaborative efforts shaping the future of cybersecurity. Together, we stand resilient against the ever-evolving threats in the digital realm.
---
*Disclaimer: The purpose of this blog is to highlight the importance of responsible disclosure and promote cybersecurity awareness. The vulnerabilities discussed have been reported to redacted.com for remediation.*