I am playing with a website whose URL is like: https://www.example.com/user//confirmation?confirmation_token=BQboHuTtwVmMsy8VbKR2
1.) so i want to know what does confirmation code means here?
2.) How can it be exploitable?
3.) Something privilege escalation using URL tampering?
Note: Also the confirmation_token value remains constant and does not change after every refresh.