by franga2000 2087 days ago
A full account takeover is a really shitty backdoor. Just make a separate "test" endpoint that's exactly the same as the main API but requires no authentication so anyone can read anything. Perfectly deniable as just a bug and entirely undetectable from a target's POV.