How I was able collect PII of all users

Hello Folks 👋,

Parth, this side from BUG XS team. In this write up I am going to explain how I was able to retrieve Personal Identifiable Information (PII) of all users. If you want to learn more about vulnerability and exploits, don't forget to join us in our Bug Bounty Journey. Click here and DM us to get started.

Now the Vulnerability 🐱‍👤. Lets keep target name as redacted.com.

Here is the flow of the website:

  1. After entering credentials on login page server sends a POST request to…

--

--