Description:
Hello. After searching the subdomains, the dashboard, which is supposed to be protected, was accessed through Google dorking:
https://█████████l/arsys/forms/arpcp/ARPC%3AWeb%3AHier%3ADashboard/Default+Admin+View/?F536871388=1&mode=Submit&cacheid=c66791da
https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
CWE-200
https://cwe.mitre.org/data/definitions/200.html
█████████l
website
CVE-2020-7130
After Google dorking on a file extension or endpoint, jspDashboard was found in the URL:
https://████████l/arsys/forms/arpcp/ARPC%3AWeb%3AHier%3ADashboard/Default+Admin+View/?F536871388=1&mode=Submit&cacheid=c66791da
██████
==Note== that it is leaked, and you can log out and bypass it by typing anything in the username box.
Collect sensitive information on a local server and protect endpoints
With best regards and love
Toni…