Chaining IDOR Vulnerabilities


Intercept the update profile request.

Send it to Repeater and change the request method from POST to GET.

Send it to Intruder.

We can see the staff_admin here




Change the admin email
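
The server-side flaw these steps depend on, next to a fixed handler, as an added example that is not code from the tested application. The user table, ids, addresses and function names are assumptions, since the page does not show the real endpoint.

```python
import copy

# Constructed sample data: ids, names and addresses are hypothetical.
SAMPLE_USERS = {
    1: {"name": "staff_admin", "email": "admin@example.test"},
    2: {"name": "alice", "email": "alice@example.test"},
}

def fresh_users():
    """Return an independent copy of the sample user table."""
    return copy.deepcopy(SAMPLE_USERS)

def vulnerable_profile(users, session_uid, method, target_id, body=None):
    """Trusts the client-supplied id and answers GET on the update route."""
    user = users.get(target_id)
    if user is None:
        return 404, None
    if method == "GET":            # leaks any profile to any logged-in user
        return 200, dict(user)
    if method == "POST":           # updates any profile, no ownership check
        user["email"] = (body or {}).get("email", user["email"])
        return 200, dict(user)
    return 405, None

def hardened_profile(users, session_uid, method, target_id, body=None):
    """Update route: POST only, and only on the caller's own record."""
    if method != "POST":
        return 405, None           # reads are not served from this route
    user = users.get(target_id)
    # Same 404 for "missing" and "not yours", so ids cannot be enumerated.
    if user is None or target_id != session_uid:
        return 404, None
    email = (body or {}).get("email")
    if not isinstance(email, str) or "@" not in email:
        return 400, None
    user["email"] = email
    return 200, {"name": user["name"], "email": email}

if __name__ == "__main__":
    users = fresh_users()
    print(hardened_profile(users, 2, "GET", 1))
    print(hardened_profile(users, 2, "POST", 1, {"email": "x@example.test"}))
    print(hardened_profile(users, 2, "POST", 2, {"email": "new@example.test"}))
```

In a real application `session_uid` must come from the authenticated session on the server, never from a request parameter.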

