The application misses server-side checks allowing me to bypass the requirement of providing…
2020-06-16 11:16:52 Author: medium.com(查看原文) 阅读量:147 收藏

Harsh Bothra

Jun 16 · 1 min read

  1. The application misses server-side checks allowing me to bypass the requirement of providing Current/Original Password.
  2. The server do not restrict the use of parameterized GET request to update the profile. However, it seems the application logic has validation in place for POST request as the developer might not be expecting things to come through GET request (General Mistakes)

Long Story Short: Restriction for GET Request and Server Side Checks were not implemented properly.

I hope that helps.


文章来源: https://medium.com/@hbothra22/the-application-misses-server-side-checks-allowing-me-to-bypass-the-requirement-of-providing-7dcfc9cffc07?source=rss-54fa249211d2------2
如有侵权请联系:admin#unsafe.sh