information discloure via logs files at ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt

Disclosed: 2021-08-20 09:36:35 By zero_or_1 To mtn_group

High

Vulnerability Details

Hi MTN team , i got a 500 error show the full path of the windows server containing the log file of today i navigate to it ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt i saw all logins i made with user administrator as u see the logs files is a date `Log_21-06-2021.txt` you can read every day logs via manipulate the file name :) ## Impact Ability to see login logs

Actions

View on HackerOne

Report Stats

Report ID: 1239633
State: Closed
Substate: resolved
Upvotes: 32

information discloure via logs files at ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt

Vulnerability Details

Actions

Report Stats

Share this report