Circumventing parameter validation
| State | Resolved May 2021 |
| Issue ID | kBgsFMtS5 |
| Asset | Web application |
| Bounty | $2,500 |
| Reported at | May 2021 |
| Reporter | Usama Varikkottil |
| Severity | Critical |
| Visibility | Limited |
| Weakness | CWE-233: Improper Handling of Parameters |
Description
By sending a specific format of the URL, the malicious user is able to bypass validation of certain parameters which allows attacker to perform sensitive actions.
The rest of the report is undisclosed.