U.S. Dept Of Defense: IDOR leads to Leakage an ██████████ Login Information

Hi security team, According to my report 1092618, The VDP team agreed that █████████ and it's subdomains is in the scope of the DoD program I continue testing that domain . . Issue Description: There is an IDOR in██████.███████ that connected with ████████.███████ highly protected encryption chat...

U.S. Dept Of Defense: CSRF - Delete Account (Urgent)

Target Url https://██████████/███/██████/█████████ Summary: Hello, I found a Cross Site Request Forgery bug in the target endpoint on the GET request ████ which is critical because it can delete authenticated user account whenever he navigates to the attacker website or link. Step-by-step...