U.S. Dept Of Defense: Full Account Take-Over of ████████ Members via IDOR
Summary

https://███████ is a Social Network Site belonging to the US DoD. Membership is open to anyone. I have found a method to fully take over any member's account by exploiting an IDOR bug in the ██████████ end-point, by changing the following values in the POST request to the affected end-point:...