Full directory path listing
Unknown
Vulnerability Details
STEP:
====================
1. Go to https://bridge.cspr.ng/login and enter your username and password
2. Click "LogIn" and intercept the request
3. Change the value in the Cookie header and add a ' (single quote) to the PHPSESSID field
e.g. PHPSESSID=kn7e21dpp2ocai2ckn1v147qev'
4. Forward the packet and see that the full path is disclosed
{F186342}
Report Stats
- Report ID: 230098
- State: Closed
- Substate: spam
- Upvotes: 13
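
A regression check a defender could run over the response body returned in step 4, as an added example that is not part of the original report. It assumes the path leaks through a PHP diagnostic rendered into the page (the report's attachment is not shown here); the function name, sample bodies and file paths are constructed for illustration.

```python
import html
import re

# PHP prints diagnostics as "<level>: <message> in <file> on line <n>"; with
# display_errors enabled that text, absolute path included, reaches the client.
PHP_DIAGNOSTIC = re.compile(
    r"(?P<level>Warning|Notice|Deprecated|Fatal error|Parse error)\s*:\s*"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^\s<>\"']+)\s+"
    r"on\s+line\s+(?P<line>\d+)",
    re.IGNORECASE,
)
TAGS = re.compile(r"<[^>]+>")

# Constructed sample responses (not taken from the report or its attachment).
LEAKY_BODY = (
    "<br />\n<b>Warning</b>:  session_start(): The session id is too long or "
    "contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' "
    "in <b>/srv/example-app/public/login.php</b> on line <b>12</b><br />\n"
    "<html><body>Login</body></html>"
)
WINDOWS_BODY = r"Notice: Undefined index: user in C:\inetpub\example\index.php on line 7"
CLEAN_BODY = "<html><body><p>Invalid session, please log in again.</p></body></html>"


def find_path_disclosures(body: str) -> list[dict]:
    """Return one record per PHP diagnostic that exposes an absolute path."""
    # html_errors wraps parts of the diagnostic in <b> tags and escapes
    # entities, so strip markup first and decode entities before matching.
    text = html.unescape(TAGS.sub("", body))
    return [
        {
            "level": m["level"].capitalize(),
            "message": " ".join(m["message"].split()),
            "path": m["path"],
            "line": int(m["line"]),
        }
        for m in PHP_DIAGNOSTIC.finditer(text)
    ]


if __name__ == "__main__":
    for name, body in [("leaky", LEAKY_BODY), ("windows", WINDOWS_BODY), ("clean", CLEAN_BODY)]:
        hits = find_path_disclosures(body)
        print(name, "FAIL" if hits else "ok", [(h["path"], h["line"]) for h in hits])
```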