Information Disclosure in Error Page

Disclosed: 2016-04-29 13:38:51 By thsa To paragonie

Unknown

Vulnerability Details

Hello, Here's an crafted URL which discloses web server used and version of same. > https://paragonie.com/%PI Even-though most error pages are handled by generic pages in paragonie.com, above given ```400 Bad Request``` sample is not handled. It seems this error page is because of Invalid URL Encoded (%PI) Value given in the request.

Actions

View on HackerOne

Report Stats

Report ID: 115219
State: Closed
Substate: informative
Upvotes: 2

Information Disclosure in Error Page

Vulnerability Details

Actions

Report Stats

Share this report