IDORS

1> Create two accounts, capture the request and then record it (i.e. whatever.email), then repeat the same steps for the victim's account.

Log into the attacker's account in Mozilla Firefox and the victim's account in Google Chrome >> then just visit the attacker's account, change its email to the victim's email address, and refresh the page in Chrome !!
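What the two-account check above is probing on the server side, as an added example that is not from the original notes: a handler that picks the record from the client-supplied email, next to one that binds the record to the session. The account store, handler names, field names and `example.test` addresses are all hypothetical.

```python
class Forbidden(Exception):
    """Raised when the session owner does not own the referenced object."""

def fresh_accounts():
    # Constructed sample data: the two test accounts from the notes.
    return {
        "attacker@example.test": {"display_name": "attacker"},
        "victim@example.test": {"display_name": "victim"},
    }

def update_profile_vulnerable(accounts, session_email, request):
    # Intentional 'before': the record is selected by the email sent in
    # the request body; session_email is never consulted.
    record = accounts[request["email"]]
    record["display_name"] = request["display_name"]
    return record

def update_profile_hardened(accounts, session_email, request):
    # The target object is derived from the authenticated session only.
    supplied = request.get("email", session_email)
    if supplied != session_email:
        # Reject, and surface the mismatch so it can be logged and alerted on.
        raise Forbidden(f"{session_email} referenced {supplied}")
    record = accounts[session_email]
    record["display_name"] = request["display_name"]
    return record

def run_two_account_check(handler):
    """Replay the swapped-email request as the attacker session and
    return the victim's display_name afterwards."""
    accounts = fresh_accounts()
    swapped = {"email": "victim@example.test", "display_name": "changed"}
    try:
        handler(accounts, "attacker@example.test", swapped)
    except Forbidden:
        pass
    return accounts["victim@example.test"]["display_name"]

if __name__ == "__main__":
    print("vulnerable:", run_two_account_check(update_profile_vulnerable))
    print("hardened:  ", run_two_account_check(update_profile_hardened))
```

The same `run_two_account_check` shape works as a regression test: any handler that lets the victim's record change under the other session fails it.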

https://hackerone.com/reports/1714638 , this was a really nice report !!! (a different one)
