by VLM 3666 days ago
password reset email #123 gets url /user/123

password reset email #124 gets url /user/124

password reset email #125 gets url /user/125 but that doesn't work because someone predicted it and got there before the requestor. No idea what account they'll get, but they'll get an account of some type.

This also comes up in shipping records. OK, where do we go to steal an XYZ delivered today and sitting on a front porch? Well, let's check

/shippinglabel/345

/shippinglabel/346

/shippinglabel/347 oh look, delivered today, sitting on the back porch step, and the address is right there

Another fun one is online financial documents with sequential accounts.
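The thread's point is that a reset link whose path is a sequential id can be enumerated by anyone, before the real user clicks it. The following is an added example, not code from the thread, of how an issuer avoids that: the URL carries a high-entropy random token instead of the user id, the server stores only a hash of the token, and the token expires and is single-use. The host name and in-memory store are constructed for illustration.

```python
import hashlib
import secrets
import time
from typing import Optional

# Constructed in-memory store: sha256(token) -> (user_id, expiry).
# Only the hash is stored, so a leaked table does not yield usable links.
_pending: dict = {}
TTL_SECONDS = 15 * 60  # reset links are short-lived


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_link(user_id: int, now: Optional[float] = None) -> str:
    """Return a reset URL whose path is a 256-bit random token.

    Unlike /user/123, nothing in the URL identifies or orders accounts,
    so the next link cannot be predicted from the previous one.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # URL-safe base64, no '/' characters
    _pending[_digest(token)] = (user_id, now + TTL_SECONDS)
    return f"https://example.test/reset/{token}"  # hypothetical host


def redeem_reset_link(url: str, now: Optional[float] = None) -> Optional[int]:
    """Return the user id for a valid, unexpired token, else None.

    The entry is removed on first use, so a link works at most once, and
    unknown and expired tokens are treated identically.
    """
    now = time.time() if now is None else now
    token = url.rsplit("/", 1)[-1]
    entry = _pending.pop(_digest(token), None)  # pop makes it single-use
    if entry is None:
        return None
    user_id, expires_at = entry
    if now > expires_at:
        return None
    return user_id
```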

1 comments

Shouldn't this risk be mitigated with authorization rules? Or do we assume we are delivering pages without any type of auth first?
You should allow users to reset their password without authentication (and therefore without authorization).

That's the nature of a password reset link.

Oh of course. Good point.