Public Vulnerable Version of Confluence https://confluence.olx.com

Disclosed: 2019-06-03 19:07:20 by hdbreaker to olx
Severity: High
Vulnerability Details
The public server is vulnerable to an Insecure Direct Object Reference that allows any authenticated user to read configuration files from the application, such as the contents of the Confluence webapp directory (including files under WEB-INF). Link to the public Atlassian issue: https://jira.atlassian.com/browse/CONF-39704

PoC:

GET https://confluence.olx.com/spaces/viewdefaultdecorator.action?decoratorName=/WEB-INF/classes/confluence-init.properties
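As an added example (not part of the report), the following script shows how a defender could hunt for this file-read pattern in web server access logs: it parses the decoratorName parameter of requests to viewdefaultdecorator.action, undoes percent-encoding, and flags values that traverse upward or resolve into WEB-INF or META-INF. The log lines are constructed for illustration and are not taken from the report.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log lines (common log format); not from the report.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jun/2019:19:01:02 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=/WEB-INF/classes/confluence-init.properties HTTP/1.1" 200 812
10.0.0.7 - - [03/Jun/2019:19:01:09 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=main HTTP/1.1" 200 4301
10.0.0.9 - - [03/Jun/2019:19:02:30 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=%2FWEB-INF%2Fweb.xml HTTP/1.1" 200 2210
10.0.0.9 - - [03/Jun/2019:19:02:41 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=..%2F..%2FWEB-INF%2Fclasses%2Fconfluence-init.properties HTTP/1.1" 200 812
10.0.0.11 - - [03/Jun/2019:19:03:00 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
ENDPOINT = "/spaces/viewdefaultdecorator.action"
SENSITIVE_PREFIXES = ("/web-inf/", "/meta-inf/")

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so encoded slashes compare as slashes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious_decorator(name):
    """True if decoratorName traverses upward or resolves into WEB-INF/META-INF."""
    decoded = decode_fully(name).replace("\\", "/")
    if ".." in decoded:
        return True
    normalized = posixpath.normpath("/" + decoded.lstrip("/")).lower()
    return normalized.startswith(SENSITIVE_PREFIXES)

def find_decorator_reads(log_text):
    """Return (ip, status, decoded decoratorName) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != ENDPOINT:
            continue
        for name in parse_qs(parts.query).get("decoratorName", []):
            if is_suspicious_decorator(name):
                hits.append((m["ip"], int(m["status"]), decode_fully(name)))
    return hits
```

A 200 status on a flagged request indicates the read likely succeeded and the instance should be patched to a fixed Confluence version per CONF-39704.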
Report Stats
  • Report ID: 207013
  • State: Closed
  • Substate: resolved
  • Upvotes: 31