1. Recon
2. Look for “technical” bugs (RCE, SQLi, XXE, XSS, etc.)
3. Look for “logical” bugs (IDOR, Priv Esc, Info Leak, etc.)
Important to follow so you test everything possible.
IDOR #2: view other users’ email address
Info Leak #2 (GET): Using the email leaked in Info Leak #1, I could get the profile’s UUID.
IDOR #3 (PUT): Using the UUID leaked in Info Leak #2, I could change the profile’s email address.
Password Reset options:
• Text message to phone number
• Send email verification link (boring)
• Answer security question
ATO (POST)