
Error Page Content Spoofing or Text Injection

Low
XVIDEOS

Team Summary

Official summary from XVIDEOS

## Summary

A content spoofing vulnerability is identified on `multi.xnxx.com` where arbitrary text can be injected into error pages. The vulnerability allows an attacker to modify the content displayed to users by manipulating URL parameters, potentially leading to social engineering attacks. The issue manifests when users visit specially crafted URLs containing injected content, which is then reflected back to them under the trusted domain of the website.

## Steps to Reproduce

1. Navigate to `multi.xnxx.com`
2. Append arbitrary text after the `/` in the URL
3. Example URL that demonstrates the vulnerability:

```
https://multi.xnxx.com/.git/!!!ATENTION!%20This%20server%20is%20on%20Maintenance%20please%20go%20to%20WWW.EVIL.COM
```

4. Observe that the injected text is reflected in the error page

## Impact

The vulnerability allows attackers to inject content that appears under the trusted domain of the website. This can be leveraged for:

- Social engineering attacks by displaying misleading content to users
- Phishing attempts through crafted messages
- Brand reputation damage through defacement-like modifications

The associated CWE-657 (Violation of Secure Design Principles) typically impacts systems by:

- Undermining established security measures
- Creating opportunities for various attack vectors
- Compromising the trustworthiness of the application
- Potentially leading to more severe security issues due to fundamental design flaws
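The mechanism behind the report, as an added example that is not the reporter's code or anything from XVIDEOS: a 404 renderer that echoes the decoded request path into its message reflects the attacker's sentence as readable text, and HTML-escaping does not help because the payload is plain text, not markup. The hardened variant keeps the page wording fixed and sends the raw path to the server log instead. The path, the marker sentence and the function names are constructed for illustration and do not come from the live site.

```python
from html import escape
from urllib.parse import unquote

# Constructed payload in the same shape as the report's PoC URL (not a live request).
MARKER = "This server is on Maintenance please go to WWW.EVIL.COM"
INJECTED_PATH = "/.git/!!!ATENTION!%20" + MARKER.replace(" ", "%20")


def vulnerable_not_found(path: str) -> str:
    """Error page that reflects the decoded request path into its message.

    escape() prevents script injection, but the spoofed sentence contains no
    markup, so it still renders verbatim under the site's own domain.
    """
    shown = escape(unquote(path))
    return ("<h1>404 Not Found</h1>"
            f"<p>The requested URL {shown} was not found on this server.</p>")


def hardened_not_found(path: str) -> tuple[str, str]:
    """Error page with fixed wording; the user-controlled path never reaches
    the response body. It is returned separately as a log line, with repr()
    applied so newlines or control characters cannot forge extra log entries.
    """
    body = ("<h1>404 Not Found</h1>"
            "<p>The requested resource does not exist.</p>")
    log_line = f"404 path={unquote(path)!r}"
    return body, log_line


def reflects_marker(body: str, marker: str = MARKER) -> bool:
    """Check a tester would run against a captured response: does the
    injected sentence come back as readable text in the page?"""
    return marker in body


if __name__ == "__main__":
    print("vulnerable reflects:", reflects_marker(vulnerable_not_found(INJECTED_PATH)))
    page, log = hardened_not_found(INJECTED_PATH)
    print("hardened reflects:  ", reflects_marker(page))
    print(log)
```

The same `reflects_marker` check, run over the body of a real response, is how to confirm or refute the finding after a fix is deployed: a patched server should return the fixed wording regardless of what follows the `/`.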

Reported by mcblockchamp

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Violation of Secure Design Principles