Password reset poisoning to ATO and OTP bypass

$5K Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO)

Bypassing LFI (Local File Inclusion)