Account takeover vulnerability in Azure’s API Management Developer Portal
In this blog (linked above) I explain how I used param-miner to discover a critical privilege escalation vulnerability in Azure’s API Management Developer Portal. This was my first-ever responsible disclosure (and bug bounty!) and netted me a healthy $10,000.
This post is licensed under CC BY 4.0 by the author.