h1-ctf: [h1-415 2020] Multiple chained vulnerabilities lead to leaking secret document
Hi! Summary Multiple chained vulnerabilities lead to leaking secret documents. Improper sanitization in registration allows an attacker to create a QR recover code for any email address. This leads to an account takeover. Using that technique on jobert's account, attacker can access the support...