Password reset: when you forget your password and want to change it, the application sends a token or OTP to your email, and you then use it to reset your password. You may find that the endpoint relies on your ID or email address and is vulnerable to IDOR.
Password change: when you are logged in, you can change your email, password or any other info. You may find that the endpoint relies on your ID and is vulnerable to IDOR.
The difference between both of them
check if the password change endpoint is vulnerable to IDOR
check if the password reset endpoint is vulnerable to IDOR
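The two flows described above, each shown as a handler that trusts a client-supplied identifier next to a hardened form. This is an added example, not code from the original issue: the in-memory stores, field names (`user_id`, `email`, `token`, `current_password`) and the `hash_pw` helper are assumptions made for illustration, and token expiry is left out.

```python
import hashlib
import hmac

def hash_pw(pw):
    # Toy hash for the demo only; production code needs a real KDF with per-user salt.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), b"demo-salt", 1000)

def new_state():
    # Constructed sample data: two accounts and one reset token issued to alice.
    users = {1: {"email": "alice@example.test", "pw": hash_pw("alice-old")},
             2: {"email": "bob@example.test", "pw": hash_pw("bob-old")}}
    reset_tokens = {"tok-alice": 1}  # token -> id of the user it was issued for
    return users, reset_tokens

def change_password_vulnerable(users, session_uid, body):
    # IDOR: the target account comes from the request body, not the session.
    users[body["user_id"]]["pw"] = hash_pw(body["new_password"])
    return True

def change_password_hardened(users, session_uid, body):
    # Target is always the authenticated user; any client-sent user_id is ignored.
    user = users[session_uid]
    supplied = hash_pw(body.get("current_password", ""))
    if not hmac.compare_digest(user["pw"], supplied):
        return False
    user["pw"] = hash_pw(body["new_password"])
    return True

def reset_password_vulnerable(users, reset_tokens, body):
    # IDOR: the token only has to exist; the account is picked by the email in the body.
    if body["token"] not in reset_tokens:
        return False
    for user in users.values():
        if user["email"] == body["email"]:
            user["pw"] = hash_pw(body["new_password"])
            return True
    return False

def reset_password_hardened(users, reset_tokens, body):
    # The account is derived from the token itself, and the token is single-use.
    uid = reset_tokens.pop(body.get("token"), None)
    if uid is None:
        return False
    users[uid]["pw"] = hash_pw(body["new_password"])
    return True
```

When checking an endpoint, the question is the same in both flows: is the account being modified taken from server-side state (session, token record) or from a field in the request?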