Accepting Invalid characters on email address

Disclosed: 2016-04-25 04:40:07 By siddiki To security
Unknown
Vulnerability Details
I tried to change my email address on hackerone.com.And when I tried adding null Bytes,it was being accepted by hackerone.com. I am registered wth ███ and I tried to change my email address to ████%00 And guess what,this address was granted as an email address.
Actions
View on HackerOne
Report Stats
  • Report ID: 3991
  • State: Closed
  • Substate: resolved
  • Upvotes: 5
Share this report