Cool Pentest Findings with Quailu

Account Takeover via IDOR Chains, CSRF in Security Questions Leading to Account Takeover & Privilege Escalation by Token Manipulation

• Amin Malekpour • Season 1 • Episode 2

In this episode of Cool Pentest Findings with Quailu, we break down three powerful security flaws that lead to account takeovers and privilege escalation.

πŸ” What’s Inside:
βœ… Account takeover via IDOR chaining – How combining two IDOR vulnerabilities led to full control over user accounts.
βœ… CSRF in security questions leading to account takeover – A simple CSRF flaw that allowed attackers to reset victim passwords.
βœ… Privilege escalation by token manipulation – How weak authorization checks enabled attackers to escalate their privileges.

Each finding demonstrates how small misconfigurations can snowball into major security risks, and what you can do to prevent them.

Have a cool pentest finding to share? Submit your discoveries via the Google Form in the episode description! Also, follow, rate, and review to support the podcast.

👉 Stay curious, hack ethically, and keep learning!

🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → Google Form link
📧 Feedback? Email Us → podcast@quailu.com.au
🔗 Podcast Website → Website Link
