Table of contents

HowToHunt.md
Account Takeover Methodology
Chaining Low Impact Bugs with Xss
No Rate Limit On Login with Weak Password Policy
Password Reset Poisoning Leads To Token Theft
Using Auth Bypass
Using CSRF
Using Sensitive Data Exposure
Token Leaks In Response
Application Level DoS
Email Bounce Issues
Long Password DoS
Long String DOS