How I was able collect PII of all users

Hello Folks 👋,

Parth, this side from BUG XS team. In this write up I am going to explain how I was able to retrieve Personal Identifiable Information (PII) of all users. If you want to learn more about vulnerability and exploits, don't forget to join us in our Bug Bounty Journey. Click here and DM us to get started.

Now the Vulnerability 🐱‍👤. Lets keep target name as

Here is the flow of the website:

  1. After entering credentials on login page server sends a POST request to…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store