Information Disclosure That shows the webroot of CoinBase Server

Disclosed: 2014-05-04 04:46:46 By mazen160 To coinbase
Unknown
Vulnerability Details
Hello, While I was testing The upload method on https://coinbase.com/merchant_settings , I have found that if you try to upload a php file or any other file html in this shape (test.php.jpg) , an Information Disclosure will happen showing the webroot of the server. I have provide a screenshot to demonstrate the issue. Thank you Mazin Ahmed @mazen160
Actions
View on HackerOne
Report Stats
  • Report ID: 5073
  • State: Closed
  • Substate: informative
  • Upvotes: 3
Share this report