index.php
, now upon visiting target.tld/index.php, your profile will comeup and occupy the index.php page of an application. Similarly, if an attacker is able to signup with username login.php
, Imagine login page getting takeovered.Further Read: https://infosecwriteups.com/logical-flaw-resulting-path-hijacking-dd4d1e1e832f