Story of a very lethal IDOR.
Insecure Direct Object Reference (IDOR)
If I hadn’t even tried to find that IDOR vulnerability, I couldn’t have achieved this account takeover.
https://infosecwriteups.com/idor-that-allowed-me-to-takeover-any-users-account-129e55871d8