Information disclosure - emails disclosed in response > staging.seatme.us

Disclosed: 2017-05-11 11:32:43 By quistertow To yelp
Vulnerability Details
Hello,

I found an info disclosure vulnerability. We can enumerate emails via the user_id parameter from Manage users. And I found that:

  • ID 1 is ██████
  • ID 514755 is ████████
  • ID 514775 is █████
  • ID 514764 is ███████

I attached photos from Burp Repeater to be more explicit. We can easily bruteforce the user_id parameter with IDs to harvest users' emails.

Regards,
Florin
Report Stats
  • Report ID: 49170
  • State: Closed
  • Substate: resolved
  • Upvotes: 21
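
The report above describes a lookup that returns an email for any user_id supplied. As an added example (not code from the report or from the affected application), the sketch below puts that unscoped lookup beside one with an object-level authorization check and an identical response for missing and out-of-scope IDs. The `User` model, the `account_id` and `is_manager` fields, the handler names and the email addresses are assumptions constructed for illustration; only the numeric IDs come from the report.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    user_id: int
    account_id: int           # hypothetical: the account (tenant) that owns this user
    email: str
    is_manager: bool = False  # hypothetical: may view other users of the same account

# Constructed sample data; the IDs are the ones quoted in the report.
USERS = {u.user_id: u for u in (
    User(1, 100, "owner@example.test", True),
    User(514755, 200, "alice@example.test", True),
    User(514764, 200, "bob@example.test"),
    User(514775, 300, "carol@example.test"),
)}
SAMPLE_IDS = [1, 514755, 514764, 514775, 999999]  # last ID does not exist

class NotFound(Exception):
    """Raised for missing and unauthorized IDs alike, so responses do not differ."""

def get_user_unscoped(requester: User, user_id: int) -> dict:
    # Behaviour described in the report: the requester is never consulted.
    user = USERS.get(user_id)
    if user is None:
        raise NotFound()
    return {"user_id": user.user_id, "email": user.email}

def get_user_scoped(requester: User, user_id: int) -> dict:
    # Allow only the requester's own record, or same-account records for managers.
    user = USERS.get(user_id)
    allowed = user is not None and (
        user.user_id == requester.user_id
        or (requester.is_manager and user.account_id == requester.account_id)
    )
    if not allowed:
        raise NotFound()  # same error as a nonexistent ID: no existence oracle
    return {"user_id": user.user_id, "email": user.email}

def visible_emails(handler, requester: User, ids) -> list:
    """Regression check: every email the requester gets back across a set of IDs."""
    found = []
    for uid in ids:
        try:
            found.append(handler(requester, uid)["email"])
        except NotFound:
            pass
    return sorted(found)
```

A check like `visible_emails` belongs in the test suite for every endpoint that takes an object ID, run once per role.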