The researcher chained an insecure password reset API route to bypass authentication, then discovered an IDOR vulnerability could be leveraged to access sensitive customer data.
For everyone that says “The real world can’t be as easy as training labs make it seem out to be!”, sometime it really do be that ez.
Great writeup, crazy how easy that one was. Basically a HTB ctf