Circumventing parameter validation
State | Resolved May 2021 |
Issue ID | kBgsFMtS5 |
Asset | Web application |
Bounty | $2,500 |
Reported at | May 2021 |
Reporter | Usama Varikkottil |
Severity | Critical |
Visibility | Limited |
Weakness | CWE-233: Improper Handling of Parameters |
Description
By sending a URL in a specific format, a malicious user is able to bypass validation of certain parameters, which allows the attacker to perform sensitive actions.