Zomato: Length extension attack leading to HTML injection
At the profile setting page where I can set my personal website I found this url: https://www.zomato.com/redirect?u=xxx&t=yyy Where xxx is the url that we can control and yyy is the hash. Through out blackbox testing I find out that if md5somescret + url == t then the redirect is allowed. This is...