Hello all, I hope you’re fine! Our story today is a funny ATO I recently found it, so I decided to share it with you. Background: Let’s assume that our vulnerable subdomain is sub.redacted.com and it deals with an API subdomain called api.redacted.com , and the forget password function on our…