SecNews: Content spoofing due to the improper behavior of the not-found message

ID H1:144084
Type hackerone
Reporter malcolmx
Modified 2016-08-09T08:17:15


The researcher detected a low-level issue. Due to the approach of the researcher, we decided to disclose it publicly.

The issue was detected in . It's possible to inject text in the not-found message in order to trick the user into visiting another website or doing something an attacker might be interested in.

POC: : The link is shortened .

Even though the issue is out of scope, @secnewsgr decided to accept it due to the good approach taken on that issue.
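
The following is an added example, not code from the report or from the affected site. It assumes the not-found page echoes the requested path (the report does not say how the text reaches the message) and shows that weak form beside a fixed-wording handler, with a regression check that detects reflection; `make_app`, `fetch`, `reflects_request_text` and the sample path are hypothetical names and values.

```python
import html
import secrets
from urllib.parse import quote, unquote
from wsgiref.util import setup_testing_defaults

def make_app(reflect_path: bool):
    """WSGI app where every route is 'not found'; reflect_path selects the weak form."""
    def app(environ, start_response):
        path = environ.get("PATH_INFO", "/")
        if reflect_path:
            # Weak: escaping blocks markup, but plain words from the URL are
            # still displayed as if the site had written them.
            msg = f"{html.escape(path)} was not found on this server."
        else:
            # Hardened: fixed wording; the path goes to the server log only.
            environ["wsgi.errors"].write(f"404 for {path!r}\n")
            msg = "The requested page does not exist."
        body = f"<h1>Not Found</h1><p>{msg}</p>".encode("utf-8")
        start_response("404 Not Found", [("Content-Type", "text/html; charset=utf-8"),
                                         ("Content-Length", str(len(body)))])
        return [body]
    return app

def fetch(app, raw_path: str):
    """Call the app in-process and return (status, body text)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = unquote(raw_path)  # servers hand WSGI the decoded path
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return seen["status"], body

def reflects_request_text(app) -> bool:
    """Regression check: request a random marker and see if the page echoes it."""
    marker = "probe-" + secrets.token_hex(8)
    return marker in fetch(app, "/" + quote(marker))[1]

# Constructed sample path (not taken from the report).
SAMPLE_PATH = "/this%20page%20has%20moved"

if __name__ == "__main__":
    for name, app in (("reflecting", make_app(True)), ("fixed", make_app(False))):
        print(name, fetch(app, SAMPLE_PATH), reflects_request_text(app))
```

The same marker check can run in a test suite against any error page that is expected to carry only fixed wording.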