WhatsApp Admin Panel Takeover: https://translate-dev.whatsapp.com
Old write-up: https://immukul.blogspot.com/2017/04/facebook-bypassing-prohibit-embedding.html
This post is about a vulnerability that I found on the WhatsApp translate website which can lead to exposure of users' email IDs. I was also able to approve translations.
The fun part is that I got the e-mail IDs of WhatsApp founders Brian Acton and Jan Koum too.
One day I was going through the website https://dnsdumpster.com/ and tried to find subdomains of https://whatsapp.net. I found a bunch of subdomains; among them was https://tsl102.whatsapp.net/, which redirects to https://translate-dev.whatsapp.com.
Then I just entered
USERNAME: admin
PASSWORD: admin
and successfully logged in to the admin panel.