صورت یک ایرانی وقتی صبح بلند میشه: 😐

In the RESET-PASSWORD process, if the request's JSON allows adding values like an array:

{"email":["victim@test.com","attacker@test.com"]}

it could be exploited to send the reset password link/code to an attacker's email, making it easy to take over the account.✅

This point is tricky. Motivation comes and goes, and ultimately you can't rely on it if you want to achieve mastery in your craft. Come up with a habit ("I will hack for two hours every morning") or work on something else if you feel tired. I often get tired of manual testing, and I switch to writing code for a new tool or something similar, just to change the pace of work. Many hackers suffer from ADHD, and it can be difficult for them to focus on one specific thing; I believe that if you are doing anything, even listening to a hacker podcast, you are already doing well. Step by step, meter by meter. Manage your energy properly, and you will see that making progress becomes easier.👑

Of course, there are times when you work hard but don't find any bugs. This happens. It's part of the process. Believe in yourself and know that if you keep working, the next bug is inevitable. It must be found sooner or later. Keep moving in the right direction! 👁