Circumventing parameter validation

State Resolved
May 2021
Issue ID kBgsFMtS5
Asset Web application
Bounty $2,500
Reported in May 2021
Reporter Usama Varikkottil
Severity Critical
Visibility Limited
Weakness CWE-233: Improper Handling of Parameters


By sending a URL in a specific format, a malicious user is able to bypass validation of certain parameters, which allows the attacker to perform sensitive actions.

The rest of the report is undisclosed.