It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without

Disclosed: 2017-12-26 11:02:58 By gregoryvperry To uber
Medium
Vulnerability Details
## Summary

Configuration file and/or source code information leakage without Uber OneLogin SSO authentication.

## Security Impact

Misconfiguration on the server results in information leakage without authentication.

## Reproduction Steps

https://uchat.awscorp.uberinternal.com/static/main.740f5a0b92c00e72e2e1.js

## Specifics

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0202
* https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion

## Impact

Access to internal configuration files, system names, and source code.
Report Stats
  • Report ID: 298862
  • State: Closed
  • Substate: informative
  • Upvotes: 6