TTS Bug Bounty: Error Page Content Spoofing or Text Injection

2017-08-27T23:13:31
ID H1:263866
Type hackerone
Reporter dennis95
Modified 2017-11-17T17:40:20

Description

Hello, I want to report a text injection which can be used in phishing.

The bug exists at:

https://catalog.data.gov//has%20been%20changed%20by%20a%20new%20one%20https://www.attacker.com%20so%20go%20to%20the%20new%20one%20since%20this%20one%2f%2e%2e/

As you can see, attacker text is included: "It has been changed by a new one so go to the new one since this one was not found on this server."

Hope you fix it.

Hacker References:

https://hackerone.com/reports/106350
https://hackerone.com/reports/181594

drough
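
The following is an added example, not part of the original report and not the site's code. It contrasts a not-found page that echoes the request path with one that uses a fixed message, and adds a log check for 404 requests whose path decodes to prose containing a URL. The reflecting template, function names and sample requests are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample requests (raw path, status); the second is the URL path from the report.
SAMPLE_REQUESTS = [
    ("/dataset/some-dataset", 404),
    ("//has%20been%20changed%20by%20a%20new%20one%20https://www.attacker.com"
     "%20so%20go%20to%20the%20new%20one%20since%20this%20one%2f%2e%2e/", 404),
    ("/dataset?q=open%20data", 200),
]

EMBEDDED_URL = re.compile(r"https?://[^\s/]+", re.IGNORECASE)


def reflecting_404(raw_path):
    """Assumed template: echoes the decoded path into the error text.

    HTML-escaping blocks markup injection but not text injection,
    because the injected sentence is plain text.
    """
    shown = html.escape(unquote(raw_path))
    return f"The requested URL {shown} was not found on this server."


def fixed_404(raw_path):
    """Hardened variant: a constant message that never includes request data."""
    return "The page you requested was not found on this server."


def looks_like_injected_text(raw_path, status, min_words=4):
    """Flag a 404 request whose path decodes to several words plus a URL."""
    if status != 404:
        return False
    path = unquote(raw_path.split("?", 1)[0])
    return len(path.split()) >= min_words and bool(EMBEDDED_URL.search(path))


def flagged(requests):
    """Return the raw paths worth reviewing in an access log."""
    return [p for p, s in requests if looks_like_injected_text(p, s)]


if __name__ == "__main__":
    for path in flagged(SAMPLE_REQUESTS):
        print("review:", path)
```
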