Information Disclosure on lite.uber.com

Disclosed: 2016-07-07 23:28:19 By kusl To uber
Unknown
Vulnerability Details
Hello, according to your [policy] (https://hackerone.com/uber?view_policy=true), you are looking for Local File Disclosure. And lite.uber.com also in scope for your program. request: ``` GET https://lite.uber.com/auth/login HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Connection: keep-alive Cache-Control: max-age=0 Content-Length: 0 Host: lite.uber.com ``` answer: ``` HTTP/1.1 500 Internal Server Error Server: nginx Date: Thu, 21 Apr 2016 00:04:13 GMT Content-Type: application/json; charset=utf-8 Content-Length: 14792 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block ETag: W/"39c8-pwj5OPZu0zqTzGlt6yb/sQ" Set-Cookie: yellow-river.sid=s%3AYpN9Bih6hDITIudKeIXlF4_PeWUzK6TH.w7fRURCOXvaHVUgiBgP4W3Peewlfw5ua%2F1BsIbg1lCM; Path=/; Expires=Fri, 21 Apr 2017 00:04:13 GMT; HttpOnly Set-Cookie: yellow-river:sess=MJao-EO0ypYIEB2siVDmpg.YjvcBZ2bV-UhSujiVW6gkv0xkFABxOFBJONOP-jLR4gOR-i70PugOZ4QXKx-Bw87rp3zQ-KlzJbnRwGgsvfLPhcHW5Ie_ebcHHwGbqmRykiMQblEaS8SLU-zKFCuLXrR6VQhgeGFEc0Hq1Ff3DziEg.1461197053672.86400000.Z7p-NsRMyhcNU-OyvtfOEf5Xdaj3bkPktTZ0SSTJ4f4; path=/; expires=Fri, 22 Apr 2016 00:04:14 GMT; httponly X-Uber-App: yellow-river Strict-Transport-Security: max-age=0 X-Content-Type-Options: nosniff {"stack":"Session5xxErrorError: Session error - unable to read alipayUser from session\n at createError (/home/udocker/yellow-river/node_modules/error/typed.js:31:22)\n at middleware (token.js:12:19)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/route.js:131:13)\n at statsdRouteMiddleware (/home/udocker/yellow-river/node_modules/@uber/bedrock/lib/middleware/route-statsd.js:11:5)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/route.js:131:13)\n at Route.dispatch (/home/udocker/yellow-river/node_modules/express/lib/router/route.js:112:3)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:277:22\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at exportLocalsMiddleware (export-locals.js:16:12)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at SessionStrategy.strategy.pass (/home/udocker/yellow-river/node_modules/passport/lib/middleware/authenticate.js:325:9)\n at SessionStrategy.authenticate (/home/udocker/yellow-river/node_modules/passport/lib/strategies/session.js:71:10)\n at attempt (/home/udocker/yellow-river/node_modules/passport/lib/middleware/authenticate.js:348:16)\n at authenticate (/home/udocker/yellow-river/node_modules/passport/lib/middleware/authenticate.js:349:7)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at initialize (/home/udocker/yellow-river/node_modules/passport/lib/middleware/initialize.js:53:5)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at session (/home/udocker/yellow-river/node_modules/express-session/index.js:397:7)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at setUpRenderHelper (/home/udocker/yellow-river/node_modules/@uber/bedrock/lib/middleware/render.js:68:12)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at /home/udocker/yellow-river/node_modules/express-useragent/index.js:43:9\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at csrf (/home/udocker/yellow-river/node_modules/@uber/bedrock/lib/middleware/csrf.js:17:14)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at resLocals (/home/udocker/yellow-river/node_modules/@uber/bedrock/lib/middleware/locals.js:8:5)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at proxyUrlMiddleware (/home/udocker/yellow-river/node_modules/@uber/bedrock/lib/middleware/proxy-url.js:18:5)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at cdnUrlMiddleware (/home/udocker/yellow-river/node_modules/@uber/bedrock/lib/middleware/cdn-url.js:14:5)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at absoluteUrlMiddleware (/home/udocker/yellow-river/node_modules/@uber/bedrock/lib/middleware/absolute-url.js:15:12)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at assetUrlMiddleware (/home/udocker/yellow-river/node_modules/@uber/bedrock/lib/middleware/asset-url.js:66:5)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at hidePoweredBy (/home/udocker/yellow-river/node_modules/hide-powered-by/index.js:12:7)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at xXssProtection (/home/udocker/yellow-river/node_modules/x-xss-protection/index.js:19:7)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at frameguard (/home/udocker/yellow-river/node_modules/frameguard/index.js:45:5)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:22:17)\n at connectMomentI18n (/home/udocker/yellow-river/node_modules/connect-moment-i18n/lib/connect-moment-i18n.js:21:5)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:16:21)\n at expressTranslateMiddleware (/home/udocker/yellow-river/node_modules/express-translate/lib/express-translate.js:133:5)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:16:21)\n at setReqLocale (/home/udocker/yellow-river/node_modules/uber-i18n/lib/uber-i18n.js:87:5)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:16:21)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:22:17)\n at localizeRouteFn (/home/udocker/yellow-river/node_modules/@uber/express-route-localization/lib/localize-route.js:49:5)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:16:21)\n at referralParserFn (/home/udocker/yellow-river/node_modules/@uber/express-route-localization/lib/referral-parser.js:47:5)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:16:21)\n at stack (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:45:9)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:16:21)\n at stack (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:45:9)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:22:17)\n at attachSessionObject (/home/udocker/yellow-river/node_modules/@uber/cookie-sessions/index.js:24:12)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:16:21)\n at clientSession (/home/udocker/yellow-river/node_modules/client-sessions/lib/client-sessions.js:630:5)\n at callbacks (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:16:21)\n at stack (/home/udocker/yellow-river/node_modules/connect-stack/stack.js:45:9)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at cookieParser (/home/udocker/yellow-river/node_modules/cookie-parser/index.js:56:14)\n at Layer.handle [as handle_request] (/home/udocker/yellow-river/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:312:13)\n at /home/udocker/yellow-river/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:330:12)\n at next (/home/udocker/yellow-river/node_modules/express/lib/router/index.js:271:10)\n at SendStream.error (/home/udocker/yellow-river/node_modules/serve-static/index.js:120:7)\n at SendStream.emit (events.js:95:17)\n at SendStream.error (/home/udocker/yellow-river/node_modules/send/index.js:245:17)\n at SendStream.onStatError (/home/udocker/yellow-river/node_modules/send/index.js:356:12)\n at next (/home/udocker/yellow-river/node_modules/send/index.js:630:16)\n at onstat (/home/udocker/yellow-river/node_modules/send/index.js:619:14)\n at Object.oncomplete (fs.js:107:15)","type":"session.5xx.error","status":500,"message":"Session error - unable to read alipayUser from session","name":"Session5xxErrorError","fullType":"session.5xx.error"} ``` Thank's and Best!
Actions
View on HackerOne
Report Stats
  • Report ID: 133375
  • State: Closed
  • Substate: informative
  • Upvotes: 3
Share this report