EZ 100$ with Change the account name after authenticating it

Ahmed Najeh
Apr 9, 2023

Hello, I found out that it is possible to change the name of the account after creating it This feature is not available on the site because the profile__firstname parameter is disabled


1- go to https://app.dev-weareblox.com/settings/profile and click on Create New Account

2- make an Account and go to settings

3- Change Country and click Save Changes send a request to burp

4- now change the parameter name firstName or lastname

The attacker can change his name many times, which helps in changing his identity, receiving, and sending without fear of knowing his true identity.

