Untitled

Try It Out:
- After following the replication steps, managed to replicate the vulnerability
- Used Burp Suite to intercept the HTTP request, edited the request with the encoded IPs with the @ symbol
- Intercepted the response and got the 301 Moved Permanently with a body of contents
- Tried with the different special characters, wheverever that contains @ then there's still body content

- Potential Fix:
	Validate the URL which disallow the special character @ in it
	
Message Us:
- After following the replication steps, managed to replicate the vulnerability
- Used Burp Suite to intercept the HTTP request, edited the request where the code 836 under the "to" section is replaced by 944
- Couldn't verify if Deepanshu's account did receive the reply or not
- But what I found out is that the code should be 836, tried logging into different accounts all showing 836

- Potential Fix:
	Validate that the code must be 836 only