Vulnerability report
anuj patil
anuj.patil610 at gmail.com
Wed Oct 11 16:41:35 EDT 2017
Vulnerability Name: Source code disclosure
Vulnerability Description: Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate false positives.
Discovered by Scripting (Invalid_Page_Text_Search.script)
Vulnerability URL: www.pidgin.im/mlgD4ccLce.jsp
How To Reproduce this Vulnerability:
1. Go directly to this URL: www.pidgin.im/mlgD4ccLce.jsp
2. Then open Burp Suite and turn on the intercept
3. Then send to Repeater and click on the GO button
POC: Refer to the screenshot attached below.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20171011/06a46ff6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: source code disclouser.png
Type: image/png
Size: 63168 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20171011/06a46ff6/attachment-0001.png>