Let’s do a peek inside the admin dashboard - Abuse API endpoint
Discover a broken access control vulnerability in a popular productivity app with over 2 million users. This post details how an employee gained limited admin privileges by manipulating the API’s workspace ID, including steps to reproduce the exploit.