Security Issue Full Source Code Disclose [Critical] from Tanzil Khan on 2022-03-11 (public-security-disclosure@w3.org from March 2022)

From: Tanzil Khan <it.tanzilkhan@gmail.com>
Date: Fri, 11 Mar 2022 15:11:39 +0600
To: public-security-disclosure@w3.org, openbugbounty@w3.org
Message-ID: <CAFO74Xdp5C_8Zwz2S=xBt5-89v27Ynfvd4T=qn-jv_XB9rpM1Q@mail.gmail.com>

..Hi there,
     This is Tanzil Khan, *(Security Researcher and Bug Bounty Hunter)*
  I have found an instance that is vulnerable to a miss configuration that
discloses the source code of your internal services.



Vulnerable Instance information.

Vulnerable IP: 54.167.144.218:9000
Vulnerable URL: http://54.167.144.218:9000/



Found project:
kbr-app-demo
kbr-bootstrap-portal
kbr-covid19
kbr-devsecops
kbr-edge
kbr-flight
kbr-grafana
kbr-intelligent-ticketing
kbr-machine-learning
kbr-portal-demo
kbr-prognostics


*POC :*
[image: POC.png]
Also, I have attached the source list. As for *POC.*

if you need any information please let me know. hope you guys will fix this
ASAP
let me know when you fix



Best regards
Tanzil

Attachments

image/png attachment: POC.png
text/plain attachment: source_list.txt

Received on Friday, 11 March 2022 17:38:34 UTC