Mars: Google dork lead to unsubscribe anyone from all Banfield emails

The vulnerability allowed an attacker to unsubscribe any Banfield user from their emails without authentication or authorization. The vulnerability was discovered through a Google dork search that led to an endpoint where the attacker could provide an email address to unsubscribe the user...

Mars: Response Manipulation lead to bypass verification code while making appointment at `█████████`

The vulnerability allowed bypassing the verification code when making an appointment at █████████. The response could be manipulated to change the verification check from false to true, enabling the appointment to be completed without the correct code...