Discovered some minor but important issues and want to share with trusted contact at Wesfarmers that is often detected by their application firewall but not in all cases, and appears to be easily discoverable.
Doesn’t affect local/stored data but can easily be used to engineer a target into accepting you are a Bunnings employee. Hopefully the trusted contact here can validate themselves without using this vulnerability 