This is so good. Everyone that watches this video, almost automatically becomes a better hunter. It's like the video we all wanted, even though we didn't realize it. Thank you, Katie. We're really lucky to have you. (P.S. AI Avatar Katie, is super cute. I gotta make me one of those...)
I don't understand this IDOR or not. I have two accounts, attacker and victim. I replaced the cookie via authorize. I activated a subscription on the attacker account, and it also turned on on victim. Is this considered a vulnerability? P.S. Also works with the replacement of the user name.
Honestly it’s a lot if you do feel overwhelmed just pick something randomly and just have a go don’t worry too much about finding something or getting a bounty at the start just get a feel for the process!