REPORTED BY TEAM SOCIAL OCTOPUS
Description:
When updating an account, if the user enters something like what is shown in figure 1, the user is directed back to the login page.
Severity:
Critical
Comments:
I have tried several different combinations of numbers and letters for the email and it seems if there is a number after the ' . ', the user is directed to the login page.
Figure 1:
A number after ' . '. Directed to Login Page.
Figure 2:
garbage email id. Update Successful.
Figure 3:
number between @ and ' . '. Update Successful.
Figure 4:
number and letter after ' . ' . Update Successful.
Figure 5:
Directed to Login Page after the input as shown in figure 1
Suggestions:
Use a regex pattern to not allow numbers after the ' . '
It seems you are already checking for @ in the email address. Similarly, you could check if there is a number after the ' . '.
