Greetings, Summary I tested XSS on Intel main domain, then “inter_searchTerm” parameter come out. This situation made me suspicious. I tried some XSS payloads in this parameter and i found. I noticed that when I viewed http header information, it was sql injection. This cookie parameter affected the whole domain because it is in all subdomains.
Greetings, Summary Vulnerability allows you to confirm a phone number or mail that you own or not. So you have bypassed the two factor authentication verification. Two-step verification must be active so leak can ocur. At the same time, the 2fa verification must be mandatory by the administrator.