Yeah. It always depends where you are reporting it too. Some companies accept it and may even reward you, but for most cases it’s always a no go, because it requires social engineering (unless you can do it with CSRF). I always check for that!
Yeah. It always depends where you are reporting it too. Some companies accept it and may even reward you, but for most cases it’s always a no go, because it requires social engineering (unless you can do it with CSRF). I always check for that!