Content spoofing on yelp.onelogin
Low
Vulnerability Details
Hi Yelp Team,
I'm not sure if this one is out of scope, but I want you guys to be aware of it. I have found that content spoofing is possible on yelp onelogin.
__Reference:__ https://www.owasp.org/index.php/Content_Spoofing
__PoC URL:__
https://yelp.onelogin.com/images%20storage%20has%20been%20transfered%20to%20new%20storage%20location,%20please%20go%20to%20www.malicious-site.com/images
Cheers
Japz
Report Stats
- Report ID: 180559
- State: Closed
- Substate: informative
- Upvotes: 3
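
A log check for requests shaped like the PoC URL above, as an added example that is not part of the original report: it flags request paths that decode to sentence-like text naming a host. The access-log format, the sample log lines, the word threshold and the static-extension list are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Request line and status of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Hostname-like token such as "www.example.test" in the decoded path.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
# File extensions that resemble hostnames to HOST_RE but are ordinary assets.
STATIC_EXT = {"js", "css", "png", "jpg", "gif", "svg", "pdf", "html", "ico"}


def is_spoof_like(raw_path, min_words=5):
    """True when the path decodes to sentence-like text that names a host."""
    path = unquote(raw_path.split("?", 1)[0])  # ignore the query string
    if len(path.split()) < min_words:          # real paths rarely contain prose
        return False
    hosts = [h for h in HOST_RE.findall(path)
             if h.rsplit(".", 1)[1].lower() not in STATIC_EXT]
    return bool(hosts)


def flag_requests(log_lines):
    """Return (status, decoded_path) for every spoof-like request in the log."""
    flagged = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_spoof_like(m.group(1)):
            flagged.append((m.group(2), unquote(m.group(1))))
    return flagged


# Constructed sample log lines; the first path is the one from the PoC URL.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /images%20storage%20has'
    '%20been%20transfered%20to%20new%20storage%20location,%20please%20go%20to'
    '%20www.malicious-site.com/images HTTP/1.1" 404 512',
    '203.0.113.8 - - [01/Jan/2024:10:00:01 +0000] "GET /assets/app.min.js HTTP/1.1" 200 9000',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] '
    '"GET /files/My%20Report%20Final%20v2%20signed.pdf HTTP/1.1" 404 512',
]

if __name__ == "__main__":
    for status, path in flag_requests(SAMPLE_LOG):
        print(status, path)
```

The path is URL-decoded only once, so a double-encoded path would need a second decoding pass before the check.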