@AN_Unknown0x earned ? for their submission to @bugcrowd! ? They found a subdomain, bypassed the WAF & RXSS, then sent user cookie and csrf token to their server. ? With this data, they could update victim profiles and change victim’s emails! ? Shoutout to @omidxplimbo & @Mistake_def! ?