SecNews: Content spoofing due to the improper behavior of the not-found message

2016-06-10T18:32:53
ID H1:144084
Type hackerone
Reporter malcolmx
Modified 2016-08-09T08:17:15

Description

The researcher detected a low level issue. Due to the approach of the researcher we decided to disclose it publicly.

The issue was detected in https://www.secnews.gr. It's possible to inject text in the not-found message in order to trick the user into visiting another website or doing something an attacker might be interested in. POC: https://goo.gl/Cuj53g (the link is shortened). Even though the issue is out of scope, @secnewsgr decided to accept it due to the good approach taken on that issue.
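The class of bug described above, shown as an added example that is not part of the original report and is not SecNews code: a not-found handler that echoes request text next to one that returns a constant message, plus a regression check a defender can run against either. The report does not say which part of the request is reflected; the example assumes the URL path, and all names and the probe text are constructed.

```python
from html import escape
from urllib.parse import unquote

# Constructed probe text; any harmless, recognisable string works.
MARKER = "Site moved, please visit example.invalid"

def make_app(render_not_found):
    """Minimal WSGI app with no routes: every request gets the 404 page."""
    def app(environ, start_response):
        body = render_not_found(environ.get("PATH_INFO", "")).encode("utf-8")
        start_response("404 Not Found", [
            ("Content-Type", "text/html; charset=utf-8"),
            ("Content-Length", str(len(body))),
        ])
        return [body]
    return app

def reflecting_page(path):
    # Weak: request-derived text becomes part of the message the user reads.
    # HTML-escaping blocks markup injection but not plain-text spoofing.
    shown = escape(unquote(path))
    return "<h1>Not Found</h1><p>%s was not found on this server.</p>" % shown

def fixed_page(path):
    # Hardened: the message is constant; the path belongs in server logs only.
    return "<h1>Not Found</h1><p>The requested page does not exist.</p>"

def fetch(app, path):
    """Call the WSGI app in-process with a constructed environ."""
    captured = {}
    def start_response(status, headers):
        captured["status"] = status
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body

def reflects_request_text(app, marker=MARKER):
    """Regression check: does text placed in the URL appear in the 404 body?"""
    status, body = fetch(app, "/" + marker.replace(" ", "%20"))
    return status.startswith("404") and marker in body

if __name__ == "__main__":
    for name, page in (("reflecting", reflecting_page), ("fixed", fixed_page)):
        print(name, "reflects request text:", reflects_request_text(make_app(page)))
```

Output escaping alone does not close this issue, because the spoofed content is ordinary text; the check passes only when nothing from the request reaches the rendered message.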