How an Expired Trial Led to a Critical Email Verification Bypass
During a recent pentest of a coworking space management application, our team had a really productive start. We quickly found some serious stuff: a critical IDOR that let us hijack other tenants' payment methods, and a stored XSS right in the admin dashboard. We also…