Wasfi_182818
Feb 15, 2016 Nimbostratus
Solved
Parameter tampering of the parameter
Hi;
Why would the passing of parameter "nick" to the user_menu.php yield disclosing the details of user1's CC details?
http://10.10.200.10/user_menu.php?nick=student1
This may yield th...
- Feb 15, 2016
Hi Wasfi, 'nick' is a valid parameter of the user_menu.php page and it does exist (the page is expecting this parameter). When the user_menu.php page is requested with the 'nick' parameter and a value ('student1' in this case), the page displays the user menu of the username submitted as a value to the nick parameter. Within the user menu page, one can see his personal details like address, phone etc.
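An added example (not part of the original thread, and not the code of the application discussed) of the pattern the answer describes: a handler that selects the record by the 'nick' value alone, next to one that binds the lookup to the logged-in session user. The user table, function names and session layout are assumptions made for illustration.

```php
<?php
// Added example: all names and data below are constructed for illustration.
declare(strict_types=1);

// Constructed stand-in for the application's user table.
const USERS = [
    'student1' => ['address' => '1 Example St', 'phone' => '555-0101'],
    'student2' => ['address' => '2 Example Ave', 'phone' => '555-0102'],
];

// Vulnerable pattern: the record is selected by the client-supplied 'nick'
// alone and the session is ignored, so any user can read any other user's menu.
function userMenuVulnerable(array $query, array $session): ?array
{
    $nick = $query['nick'] ?? '';
    return USERS[$nick] ?? null;
}

// Hardened pattern: identity comes from the server-side session. A 'nick'
// that is malformed or names a different user is refused and logged.
function userMenuHardened(array $query, array $session): ?array
{
    $sessionUser = $session['username'] ?? null;
    if (!is_string($sessionUser) || !isset(USERS[$sessionUser])) {
        return null; // not authenticated
    }
    $nick = $query['nick'] ?? $sessionUser;
    if (!is_string($nick) || !hash_equals($sessionUser, $nick)) {
        // Log only the trusted session value, never the raw parameter.
        error_log("user_menu: session user {$sessionUser} requested another nick");
        return null; // caller should answer 403
    }
    return USERS[$sessionUser];
}

// Constructed scenario: student2 is logged in and the URL carries ?nick=student1.
$session = ['username' => 'student2'];
$query   = ['nick' => 'student1'];

// Case 1: vulnerable handler, mismatched nick.
var_dump(userMenuVulnerable($query, $session) !== null);
// Case 2: hardened handler, mismatched nick.
var_dump(userMenuHardened($query, $session) === null);
// Case 3: hardened handler, nick equal to the session user.
var_dump(userMenuHardened(['nick' => 'student2'], $session) === USERS['student2']);
```

With the session as the source of identity, the 'nick' parameter becomes redundant and can be dropped from the URL entirely.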