Imagine we have this website.

Now let’s try to find the admin panel.

Notice that the admin panel is only accessible to a user with a dontwannacry email.
Now let’s try to register.

Now let’s register.

As we can see, a registration link is sent to confirm the account, so we can’t just register that account. Let’s try to register a normal account instead.

Now let’s see if we can create an account with a very long name.

What happens here is similar to a buffer overflow: if we make the name longer, could it overflow the email?
So now let’s start the attack.

Notice that we get a 200 status code.
Now let’s go and log in.

Notice that a number of A characters are displayed and the email is truncated.
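
The truncation seen above means the application stored a different value from the one it accepted. The following is an added example, not code from this site or the original post: it contrasts a store that silently truncates with one that rejects over-length input and authorizes only on the confirmed, stored address. The field limits, the `dontwannacry.example` domain and all function names are assumptions made for illustration.

```python
# Added illustration; names and limits are assumptions, not the site's code.
MAX_EMAIL_LEN = 64          # assumed column width of the users.email field
MAX_NAME_LEN = 64           # assumed column width of the users.name field
PRIVILEGED_DOMAIN = "dontwannacry.example"  # constructed placeholder domain


class RejectedInput(ValueError):
    """Raised when input would not be stored exactly as it was validated."""


def store_truncating(email: str) -> str:
    """Weak pattern: the storage layer silently cuts the value to fit."""
    return email[:MAX_EMAIL_LEN]


def store_strict(name: str, email: str) -> dict:
    """Hardened pattern: refuse anything the store cannot hold unchanged."""
    name, email = name.strip(), email.strip().lower()
    if not name or len(name) > MAX_NAME_LEN:
        raise RejectedInput("name is empty or longer than the stored field")
    if len(email) > MAX_EMAIL_LEN:
        raise RejectedInput("email is longer than the stored field")
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise RejectedInput("email is not of the form local@domain")
    # The record keeps the exact string the confirmation link is sent to.
    return {"name": name, "email": email, "confirmed": False}


def is_admin(user: dict) -> bool:
    """Authorize on the confirmed, stored address with an exact domain match."""
    domain = user["email"].rpartition("@")[2]
    return user["confirmed"] and domain == PRIVILEGED_DOMAIN


def demo() -> dict:
    long_email = "a" * 80 + "@mail.example"   # constructed over-length input
    stored = store_truncating(long_email)
    result = {"weak_store_changed_value": stored != long_email}
    try:
        store_strict("A" * 200, "user@mail.example")
        result["long_name_rejected"] = False
    except RejectedInput:
        result["long_name_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```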