A security research writeup documenting improper input handling in a web application's search functionality. The application fails to sanitize or encode user-supplied input, enabling reflected XSS, DOM-based XSS, and HTML injection. Additionally, crafted inputs expose internal backend details such as private IP addresses and
Sort: