Dear Ladies and Gentlemen,
I was able to identify, in the process of sending a FAQ proposal, a username and all other required fields bypass vulnerability. The attacker can bypass all the required fields by sending a space in any required field like name, text, answer or question, each of which is a required point, and send empty FAQ proposals and spam, scan or do further malicious things.
Through this, if the attacker wants to send payloads or try to scan the system, he can send as many proposals as he wants without alerting the admin which account and username, email, text, answer etc. is responsible for that. Plus, it's a clear bypass because we can bypass, through the space, ALL REQUIRED FIELDS FOR SENDING A FAQ PROPOSAL.
The Process of the Vulnerability:
Go to https://roy.demo.phpmyfaq.de/index.php?action=add&cat=0
Fill everything with the required fields -> Intercept the request
Replace all the required fields with a single space
Go and log in as admin and verify the submitted FAQ proposals -> You will not see any required information which has been sent through the FAQ proposal
Thank you very much for your time.
Best regards
Ahmed Hassan
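
The missing server-side check the report describes, as an added example that is not part of the original report and is not phpMyFAQ's own code: a presence test that accepts a single space, beside one that normalizes whitespace before deciding a required field is filled. The field list and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed field names, based on the fields the report mentions.
const REQUIRED_FIELDS = ['name', 'email', 'question', 'answer'];

// Weak check: rejects only a missing or zero-length value, so " " passes.
function missingFieldsWeak(array $input): array
{
    return array_values(array_filter(
        REQUIRED_FIELDS,
        fn (string $f): bool => !isset($input[$f]) || $input[$f] === ''
    ));
}

// Strip leading/trailing whitespace, Unicode separators (NBSP etc.) and
// control/format characters (tab, zero-width space) before testing.
function normalizeField(mixed $value): string
{
    if (!is_string($value)) {
        return ''; // arrays or missing values count as empty
    }
    $clean = preg_replace('/^[\s\p{Z}\p{C}]+|[\s\p{Z}\p{C}]+$/u', '', $value);
    return $clean ?? ''; // null means invalid UTF-8: treat as empty
}

// Hardened check: a field is missing if nothing is left after normalizing,
// and the e-mail field must additionally be a syntactically valid address.
function missingFieldsStrict(array $input): array
{
    $missing = [];
    foreach (REQUIRED_FIELDS as $f) {
        $value = normalizeField($input[$f] ?? null);
        $badEmail = $f === 'email'
            && filter_var($value, FILTER_VALIDATE_EMAIL) === false;
        if ($value === '' || $badEmail) {
            $missing[] = $f;
        }
    }
    return $missing;
}

// Constructed request body: required fields replaced by whitespace only.
$post = ['name' => ' ', 'email' => ' ', 'question' => ' ', 'answer' => "\u{00A0}"];

printf("weak check reports missing:   [%s]\n", implode(', ', missingFieldsWeak($post)));
printf("strict check reports missing: [%s]\n", implode(', ', missingFieldsStrict($post)));
```

Rejecting the submission whenever the strict list is non-empty has to happen on the server, since the report's steps replace the values after the browser form has already been filled in.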