https://www.legalrobot.com/
Unknown
Vulnerability Details
Hello,
I found an info disclosure vulnerability. We can enumerate emails via the user_id parameter from Manage users.
And I found that:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
I attached photos from Burp Repeater to be more explicit.
We can easily brute-force the user_id parameter with ids to harvest users' emails.
Regards,
Report Stats
- Report ID: 228156
- State: Closed
- Substate: not-applicable
- Upvotes: 1