Untitled
Observation: During the retest, it was observed that the application has not been properly remediated. When a user changes their first or last name, the email parameter is no longer included in the POST request. However, an attacker can easily manipulate the request by intercepting it and adding the email parameter back. No backend validation has been implemented to handle such cases; the developers have simply removed the email parameter from the client-side request, and the server still accepts it whenever it is present. Conclusion: The application remains vulnerable to this threat due to inadequate backend validation.
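The finding above is a classic mass-assignment defect: the client stopped sending a field, but the server still applies every field it receives. The following is an added illustration, not code from the tested application; the handler, field names and in-memory account record are hypothetical. It contrasts the "remediated" handler with one that enforces a server-side allowlist and rejects unexpected fields outright.

```python
# Added example (not from the original report). The endpoint is meant to change
# only first/last name; "email" must not be changeable here regardless of what
# the client sends. Handler, field names and account record are hypothetical.

ALLOWED_PROFILE_FIELDS = {"first_name", "last_name"}  # fields this endpoint may change


class ValidationError(Exception):
    """Raised when a request carries a field the endpoint does not accept."""


def update_profile_vulnerable(user: dict, body: dict) -> dict:
    """'Remediated' handler: the UI no longer sends email, but the server still
    merges whatever arrives into the account, so a re-added email is applied."""
    user.update(body)
    return user


def update_profile_hardened(user: dict, body: dict) -> dict:
    """Server-side allowlist: only first/last name may be modified here.
    Unexpected keys are rejected (not silently dropped), so tampering shows up
    as a 4xx in logs rather than succeeding or vanishing quietly."""
    unexpected = set(body) - ALLOWED_PROFILE_FIELDS
    if unexpected:
        raise ValidationError(f"unexpected field(s): {sorted(unexpected)}")
    for field in ALLOWED_PROFILE_FIELDS:
        if field in body:
            if not isinstance(body[field], str) or not body[field].strip():
                raise ValidationError(f"{field} must be a non-empty string")
            user[field] = body[field].strip()
    return user


def simulate(handler) -> dict:
    """Replay a constructed, intercepted rename request that re-adds the email
    parameter, and report whether the stored email changed."""
    account = {"first_name": "Alice", "last_name": "Doe", "email": "alice@example.com"}
    tampered = {"first_name": "Alice", "last_name": "Smith", "email": "attacker@example.com"}
    try:
        handler(account, tampered)
        rejected = False
    except ValidationError:
        rejected = True
    return {"rejected": rejected, "email": account["email"], "last_name": account["last_name"]}


if __name__ == "__main__":
    print("vulnerable:", simulate(update_profile_vulnerable))
    print("hardened:  ", simulate(update_profile_hardened))
```

Because the hardened handler validates before writing anything, a tampered request leaves the whole account untouched, while a legitimate rename without the email field still goes through.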