Arrays in JSON

When sending JSON data, try to send multiple values in list. Seen two instances on twitter:

Person was able to bypass OTP verification by sending all otps in list.

e.g {"otp":[1223,1224,1225...]}

Person was able to takeover account by trying same password on multiple email address hoping one of them uses this weak password.

e.g {"email":["first2g.com","second@g.com",...], "password":"insecure"}

Previous403 Bypass NextOpen Redirect

Last updated 1 year ago