Exploiting Max. Character Limitation

  • I can ignore this since this will anyway fall under informative or P5 or sometimes N/A
  • I can further explore and see where this lengthy name can be a further escalated to a potential threat either to a company or users or functionality.
Thats what we do : )
Right! we never give up
  1. Login as User-1, create business and invite User-2
  2. As User-2, join business of User-1.
  3. Now user-2 will update his name to lengthy name [More than 1000 characters].
  4. Now User-1 wants to remove User-2, so they should go to Go to settings > Members
  5. Here for the User-1, you will not find remove option.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sunil Yedla

Sunil Yedla

Bug bounty hunter | QA analyst | Security Researcher