Vulnerability report
anuj patil
anuj.patil610 at gmail.com
Wed Oct 11 17:00:08 EDT 2017
Vulnerability Name: Source code disclosure
Vulnerability Description: Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate false positives.
Discovered by Scripting (Text_Search_File.script)
Vulnerability URL: https://pidgin.im/security/security/pidgin.im
How To Reproduce this Vulnerability:
1. Go directly to this URL: https://pidgin.im/security/security/pidgin.im
2. Then open Burp Suite and turn on the intercept
3. Then send to Repeater and click on the GO button
POC: Refer to the screenshot mentioned below
-------------- next part --------------
A non-text attachment was scrubbed...
Name: source code Disclouser .png
Type: image/png
Size: 62092 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20171011/120cf388/attachment-0001.png>