[SUGGESTION] Plus Sign on URLs

Questions or suggestions about the platform
Pedro_SEC_R
Posts:9
Joined:Fri Jul 14, 2017 2:36 pm
[SUGGESTION] Plus Sign on URLs

Post by Pedro_SEC_R » Wed Sep 06, 2017 4:53 pm

Hello there,
Recently I had a company reach out to me because it couldn't reproduce the vulnerability correctly. I later found out that the URL-encoded '%2B' was decoded to '+', and then it wouldn't work since the application translates the '+' as a space. Perhaps we could have an option to not decode URL-encoded characters.
I don't know if I made myself clear, but since the company hasn't patched the vuln yet, I can't post the payload here.

Thanks
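
The decoding problem described in the post above, as an added example that is not part of the original thread or the platform's code: a report page percent-decodes a URL for display, and the check below keeps the raw URL whenever decoding would change what a form-decoding application parses. The function names, the display step and the `app.example` URLs are assumptions made for illustration, and the check covers query parameters only.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

def server_view(url):
    """Query parameters as a form-decoding application sees them.

    parse_qsl turns '+' into a space before percent-decoding, which is
    the behaviour the post attributes to the target application.
    """
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)

def display_decode(url):
    """Hypothetical display step: percent-decode the whole URL once."""
    return unquote(url)

def render_for_report(url):
    """Show the decoded URL only if the application would parse it the same way.

    Otherwise keep the raw, still-encoded URL so that a copy-paste
    reproduces the original request.
    """
    decoded = display_decode(url)
    if server_view(decoded) == server_view(url):
        return decoded
    return url

# Constructed sample URLs (app.example is a placeholder host).
SAMPLES = [
    "https://app.example/search?q=1%2B1&lang=en",  # %2B -> '+' -> space
    "https://app.example/search?q=a%26b%3Dc",      # %26/%3D would split the parameter
    "https://app.example/search?q=hello%20world",  # safe to decode
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(render_for_report(raw), server_view(raw))
```
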

x1admin
Site Admin
Posts:3102
Joined:Sun Nov 15, 2015 7:04 pm

Re: [SUGGESTION] Plus Sign on URLs

Post by x1admin » Wed Sep 06, 2017 5:16 pm

Pedro_SEC_R wrote:
Wed Sep 06, 2017 4:53 pm
Hello there,
Recently I had a company reach out to me because it couldn't reproduce the vulnerability correctly. I later found out that the URL-encoded '%2B' was decoded to '+', and then it wouldn't work since the application translates the '+' as a space. Perhaps we could have an option to not decode URL-encoded characters.
I don't know if I made myself clear, but since the company hasn't patched the vuln yet, I can't post the payload here.

Thanks

Provide report ID.

Pedro_SEC_R
Posts:9
Joined:Fri Jul 14, 2017 2:36 pm

Re: [SUGGESTION] Plus Sign on URLs

Post by Pedro_SEC_R » Thu Sep 07, 2017 2:33 pm

/282314
