Vulnerability report

anuj patil anuj.patil610 at gmail.com
Wed Oct 11 16:41:35 EDT 2017


Vulnerability Name: Source code disclosure

Vulnerability Description: Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate false positives.

Discovered by Scripting (Invalid_Page_Text_Search.script)

Vulnerability URL: www.pidgin.im/mlgD4ccLce.jsp

How To Reproduce this Vulnerability:
1. Go directly to this URL: www.pidgin.im/mlgD4ccLce.jsp
2. Then open Burp Suite and turn on the intercept
3. Then send to Repeater and click on the GO button

POC: Refer to the screenshot attached below.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: source code disclouser.png
Type: image/png
Size: 63168 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20171011/06a46ff6/attachment-0001.png>
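
Added example, not part of the original report and not the scanner's own code: a triage helper for the pattern-matching check the description mentions, showing how a server-side-tag match can be separated from the false positives it warns about. The tag patterns, the list of benign regions and the sample bodies are assumptions constructed for illustration.

```python
import re

# Openers of server-side tags that should never reach the client unprocessed.
TAG_PATTERNS = {
    "jsp/asp": re.compile(r"<%[@=!]?\s*[A-Za-z]"),
    "php": re.compile(r"<\?(?:php|=)\s"),  # does not match <?xml ...?>
}

# Places where such a tag is shown as text or is a client-side template
# (assumed benign for triage purposes; adjust per site).
BENIGN_REGIONS = re.compile(
    r"<(pre|code|textarea|script)\b[^>]*>.*?</\1\s*>|<!--.*?-->",
    re.IGNORECASE | re.DOTALL,
)


def find_tags(text):
    """Return the sorted names of tag families whose opener appears in text."""
    return sorted(name for name, rx in TAG_PATTERNS.items() if rx.search(text))


def triage(body):
    """Classify a response body flagged as 'source code disclosure'."""
    raw = find_tags(body)
    if not raw:
        return "no-match", []
    # Re-check after dropping regions where a tag is expected to be literal.
    remaining = find_tags(BENIGN_REGIONS.sub("", body))
    if remaining:
        return "needs-review", remaining
    return "likely-false-positive", raw


# Constructed sample bodies (not taken from the reported site).
SAMPLES = {
    "raw_jsp": '<%@ page import="java.util.*" %>\n<html><body>'
               '<%= request.getParameter("q") %></body></html>',
    "raw_php": "<?php echo $x; ?>",
    "docs_page": "<html><body><p>Example:</p><pre><%= value %></pre></body></html>",
    "js_template": '<script type="text/template"><% if (x) { %>hi<% } %></script>',
    "escaped": "<p>&lt;?php echo 1; ?&gt;</p>",
    "xml_decl": '<?xml version="1.0"?><root/>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, *triage(body))
```

A "needs-review" verdict still calls for reading the response by hand; the helper only filters out matches that sit where literal tags are expected.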

