Untitled
Try It Out:
- After following the replication steps, managed to replicate the vulnerability
- Used Burp Suite to intercept the HTTP request, edited the request with the encoded IPs with the @ symbol
- Intercepted the response and got the 301 Moved Permanently with a body of contents
- Tried with different special characters; wherever the URL contains @, there's still body content
- Potential Fix: Validate the URL, disallowing the special character @ in it

Message Us:
- After following the replication steps, managed to replicate the vulnerability
- Used Burp Suite to intercept the HTTP request, edited the request where the code 836 under the "to" section is replaced by 944
- Couldn't verify if Deepanshu's account did receive the reply or not
- But what I found out is that the code should be 836; tried logging into different accounts, all showing 836
- Potential Fix: Validate that the code must be 836 only
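Added example, not part of the original notes and not the target application's code: a Python sketch of server-side checks for the two findings above. The names validate_redirect_target, is_safe_redirect, send_reply, can_reply, ALLOWED_HOSTS and CONVERSATIONS are assumptions, and the allowlist and conversation table are constructed data. For the @ finding it rejects any userinfo in the URL authority (literal or percent-encoded @) and normalises numeric hostnames (decimal or hex encodings of an IP) before comparing the host against an allowlist, which goes slightly beyond the single @ case in the notes. For the "to" code finding it checks that the authenticated sender is a participant of the conversation instead of trusting the client-supplied code; this is a different fix from the hardcoded-836 check proposed in the notes.

```python
"""Added example: server-side checks for the '@ in URL' and 'to code' findings.
All names and data below are assumptions, not the tested application's code."""
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# Constructed allowlist of hosts a redirect may point at (assumption).
ALLOWED_HOSTS = {"example.com", "www.example.com"}


class UnsafeURL(ValueError):
    """Raised when a redirect target fails validation."""


def _normalise_host(host: str) -> str:
    """Turn numeric hostname forms (decimal or hex integer, dotted quad) into a
    canonical IP string so that 0x7f000001 and 2130706433 compare equal to
    127.0.0.1. DNS names are returned unchanged."""
    h = host.lower()
    try:
        if re.fullmatch(r"0x[0-9a-f]+", h):
            return str(ipaddress.IPv4Address(int(h, 16)))
        if re.fullmatch(r"[0-9]+", h):
            return str(ipaddress.IPv4Address(int(h, 10)))
        return str(ipaddress.ip_address(h))
    except ValueError:
        return h


def validate_redirect_target(url: str) -> str:
    """Return the URL if it is safe to redirect to, else raise UnsafeURL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL("unsupported scheme")
    # Anything before '@' in the authority is userinfo, not the host, so
    # http://trusted.example@attacker/ really goes to 'attacker'. A percent-
    # encoded '@' becomes a real one after a later decode, so reject both.
    if "@" in parts.netloc or "@" in unquote(parts.netloc):
        raise UnsafeURL("userinfo in authority")
    if not parts.hostname:
        raise UnsafeURL("missing host")
    host = _normalise_host(parts.hostname)
    if host not in ALLOWED_HOSTS:
        raise UnsafeURL("host not allowed: " + host)
    return url


def is_safe_redirect(url: str) -> bool:
    """Boolean wrapper around validate_redirect_target."""
    try:
        validate_redirect_target(url)
        return True
    except UnsafeURL:
        return False


# Constructed stand-in for the messaging backend (assumption): conversation
# code -> set of account names allowed to post into it.
CONVERSATIONS = {
    836: {"tester", "support"},
    944: {"other_user", "support"},
}


class Forbidden(PermissionError):
    """Raised when the sender may not post into the requested conversation."""


def send_reply(sender: str, to_code: int, text: str) -> dict:
    """Accept a reply only if the authenticated sender is a participant of the
    conversation named by the client-supplied 'to' code. Unknown and
    unauthorised codes get the same error so the code cannot be enumerated."""
    participants = CONVERSATIONS.get(to_code)
    if participants is None or sender not in participants:
        raise Forbidden("sender is not a participant of this conversation")
    return {"to": to_code, "from": sender, "text": text}


def can_reply(sender: str, to_code: int) -> bool:
    """Boolean wrapper around send_reply's authorisation check."""
    try:
        send_reply(sender, to_code, "")
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    for u in ("https://www.example.com/path",
              "https://www.example.com@203.0.113.5/",
              "https://www.example.com%40203.0.113.5/",
              "http://0x7f000001/"):
        print(u, "->", "allowed" if is_safe_redirect(u) else "rejected")
    print("tester -> 836:", can_reply("tester", 836))
    print("tester -> 944:", can_reply("tester", 944))
```

The first check fails closed on any @ in the authority rather than trying to work out which part the client meant, and the second derives authorisation from who the authenticated sender is rather than from which code the client sent.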