Email Verification Bypass

Bypass Email Verification through an unprotected API endpoint in Swagger

Link to Relevant Writeup

If /api/docs is exposed you may access Swagger dashboard and use the /userDetails endpoint to get a verifyToken that you can use with the /email-verify endpoint to verify the company email.