Hazelnoot
@hazelnoot@enby.life

Auditing an organization's website
Notice that some email links automatically log in as the recipient
Observe GET https://[redacted domain].com/directlogin.php?userid=[redacted base64] in the redirect chain
decode [redacted base64]
it's my email address and nothing else
replace it with someone else's email
immediately logged in as that person
:neofox_googly_shocked: :neofox_googly_shocked: :neofox_googly_shocked:
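
The flaw described in the post, next to one way to fix it, as an added example that is not part of the original post or the audited site's code: the login link carries an HMAC-signed, expiring token instead of a bare base64 identifier. The function names, secret, lifetime and email addresses are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
MAX_AGE = 900                     # assumption: login links expire after 15 minutes

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Weak form, as the post describes it: the parameter is only an encoding of
# the email address, so the server trusts whatever identifier the client sends.
def weak_token(email: str) -> str:
    return base64.b64encode(email.encode()).decode()

def weak_login(token: str) -> str:
    return base64.b64decode(token).decode()

# Hardened form: payload plus a MAC over it, computed with a key only the
# server holds. Changing the email invalidates the tag.
def make_token(email: str, now=None) -> str:
    issued = int(time.time() if now is None else now)
    payload = f"{issued}:{email}".encode()
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"

def login(token: str, now=None):
    """Return the email the token was issued for, or None if it is rejected."""
    now = int(time.time() if now is None else now)
    try:
        payload_part, tag_part = token.split(".")
        payload, tag = _unb64(payload_part), _unb64(tag_part)
    except ValueError:  # wrong shape or bad base64
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    issued, email = payload.decode().split(":", 1)
    if now - int(issued) > MAX_AGE:
        return None
    return email
```

A signed link is still a bearer credential for whoever holds the email, so short lifetimes and single-use tracking on the server remain worthwhile.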