Naresh LamGadeSo, while making a signup on the website through the social media ( Facebook ) I found that lot of requested were being made on the site regarding the registered user from Facebook like names, profile link , fb profile image, username, password, accessToken, Gender, email etc.
so just for a fun I changed all info to Mark Zuckerberg information and it was all accepting and then I suddenly went to the site and saw that username field is disabled and I was unable to make it then I went back to the request and change the username to “zuck” and it was like boom it worked. Then I saw there was another parameter _id but it was encrypted so I just created another account and got it’s id and replaced the info and I was able to take over another account.