Hossam A. Mesbah 🇵🇸
Sr. Security engineer | Penetration tester | Bug bounty hunter https://t.co/tuKTyrFrWo | https://t.co/PGSwsav7HG | https://t.co/Z6BCawM3XF
Dec 4, 2022 5 tweets 2 min read
3 simple broken access control vulnerabilities you should hunt for while testing for logic vulnerabilities
#BugBounty
#bugbountytip
#bugbountytips
#Bugcrowd
👇👇 If the website allows creating an organisation, you have, for example, two roles: admin 1 && admin 2.

Access the users' information endpoint with admin 2 and save the request.

With the other admin (admin 1), downgrade admin 2's role to a regular user, then execute the saved request and see if you can still access the users' PII.
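The three steps above boil down to one root cause: the endpoint trusts a role that was captured when the session or token was issued instead of the role the account holds now. The following added example (not the author's code; the organisation model, token format and endpoint names are constructed for illustration) replays the saved admin-2 request after the downgrade against a vulnerable handler and a fixed one that re-reads the caller's current role on every request.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-signing-key"  # constructed for the example


class Organization:
    """Hypothetical org: a member->role map plus the PII the admin endpoint serves."""

    def __init__(self, members, pii):
        self.members = dict(members)  # user_id -> "admin" | "member"
        self.pii = dict(pii)


def issue_token(org, user_id):
    # Vulnerable pattern: the role is snapshotted into a signed token at login time.
    payload = {"sub": user_id, "role": org.members[user_id]}
    body = base64.urlsafe_b64encode(json.dumps(payload).encode())
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def parse_token(token):
    body, sig = token.rsplit(".", 1)
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))


def users_endpoint_vulnerable(org, token):
    claims = parse_token(token)
    if claims["role"] != "admin":  # trusts the stale role claim
        raise PermissionError("forbidden")
    return org.pii


def users_endpoint_fixed(org, token):
    claims = parse_token(token)
    if org.members.get(claims["sub"]) != "admin":  # re-check current role per request
        raise PermissionError("forbidden")
    return org.pii


def reproduce():
    org = Organization({"admin1": "admin", "admin2": "admin", "u1": "member"},
                       {"u1": {"email": "u1@example.org"}})  # constructed data
    saved_request = issue_token(org, "admin2")  # step 2: saved while admin2 is admin
    org.members["admin2"] = "member"            # step 3: admin1 downgrades admin2
    results = {}
    for name, handler in (("vulnerable", users_endpoint_vulnerable), ("fixed", users_endpoint_fixed)):
        try:
            handler(org, saved_request)
            results[name] = "PII exposed"
        except PermissionError:
            results[name] = "denied"
    return results
```

The fix that matters for defenders is in `users_endpoint_fixed`: authorization is decided from the current membership record, so a role change takes effect immediately rather than at the next login.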