Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in mineweb/minewebcms
Description: Hello, in the password reset it is possible to perform a Host Header Injection, so the victim will receive an email pointing to a third-party site. By clicking, the attacker will be able to retrieve the victim's account reset token and use it to access their account. From Portswigger:...
Dropbox: URL modification changes server side behavior to allow access
@itay658 discovered that adding "?dl=1" allows files to be downloaded, even if they were blocked with error 429. The bug has been fixed and pushed out...