web application penetration testing

How I Hacked a 20M$ Company

- Account takeover without user interaction on sign with Facebook flow [Misconfiguration]

- Account takeover without user interaction via company mailing Function [Forward reset password message to the attacker mail]

- Block 1M+ users from accessing their accounts by taking over third-party service and access all the internal subdomains

- Bypass Admin Panel Using Google & fetch all Users Data