Horizontal => Vertical
User ID controlled by a request parameter, which tends to leak passwords
Log in as a user and check for the admin panel.
It restricts us, so try tampering with the username, changing it to administrator or admin:
https://<website.com>/myaccount?username=administrator
This returns a 200 status code, and if we take a closer look at the response we can see that the password has been leaked in the page's JS context.
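
The server-side flaw behind this behaviour, next to a corrected handler, as an added example that is not from the original notes or from the tested application. The function names, accounts and passwords are constructed for illustration.

```python
# Added example: hypothetical handlers and constructed data, not the tested application's code.
USERS = {  # constructed sample accounts
    "wiener": {"email": "wiener@example.test", "password": "constructed-pw-1"},
    "administrator": {"email": "admin@example.test", "password": "constructed-pw-2"},
}


def my_account_vulnerable(session_user, params):
    """Flawed pattern: the record is chosen by the request parameter alone."""
    name = params.get("username", session_user)
    record = USERS.get(name)
    if record is None:
        return 404, {}
    # Second flaw: the stored password is echoed into the page to prefill a form.
    return 200, {"username": name, "email": record["email"],
                 "password": record["password"]}


def my_account_hardened(session_user, params):
    """The session decides whose record is served; secrets never leave the server."""
    if session_user not in USERS:
        return 401, {}
    requested = params.get("username", session_user)
    if requested != session_user:
        # Object-level authorization: a mismatch is refused, not silently served.
        return 403, {}
    record = USERS[session_user]
    # The password field is deliberately absent from the response body.
    return 200, {"username": session_user, "email": record["email"]}
```

Both fixes matter independently: the ownership check stops one user from reading another's account page, and dropping the password from the response means even a legitimate owner's page holds nothing worth stealing.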