@schrottkatze have you tried changing any elements...

schrottkatze's posts Post Back to profile

@schrottkatze have you tried changing any elements likely to go into the WHERE clause of the SQL?

Although, if that turns out to allow you to change other people's names, you get the ethical conundrum of disclosure possibly also fixing the other client side validation "feature".

Like 10 February at 21:21 | Wall-to-wall | Open on infosec.exchange

2 comments

schrottkatze ⚡

@sophieschmieg no, i'm happy changing my own name. probing for other vulnerabilities is an exercise to the reader

10 February at 21:22 | Open on chaos.social

refraction :verified_transgender:

@sophieschmieg @schrottkatze changing everyone's name to be the same

10 February at 21:38 | Open on catcatnya.com

Go Up