Insufficient account process validation leads to account takeover (P3/P4) : [This vulnerability can also be called as Security Misconfiguration>Insufficient session validation after logout]
1) Create an account on the website.
2) Go to profile section. And Change & update your details in the name parameter and before saving it Open Burp suite, turn the proxy on and then click on Save.
3) Now capture the request in Burp suite and send it to the Repeater tab.
4) Now log out from the website and go back to the Burp suite.
5) Now change the details email & name parameters and click on "Go" in the repeater tab.
6) Now you will be able to see 200 ok response from the web server.
7) Now, login into your account and go to the Profile section to confirm
Insufficient account process validation leads to account takeover (P3/P4) : [This vulnerability can also be called as Security Misconfiguration>Insufficient session validation after logout]