Beta version reveals paths, environment variables and partial file contents

Disclosed: 2016-04-12 09:45:06 By uyga To apitest
Vulnerability Details
Hi guys! You should disable error reporting on the beta version. It reveals a lot of information and even file contents.

How to reproduce:
1) Navigate to http://beta.apitest.io/newsletter, modify the csrf-token "_token" to any data.
2) Input something into the "email" and "name" fields.
3) Submit the form.

As a result, you will be redirected to an exception page with a list of files, source code and environment variables. Please take a look at the screenshot.
Report Stats
  • Report ID: 129869
  • State: Closed
  • Substate: resolved
  • Upvotes: 2