U.S. Dept Of Defense: Local File Inclusion vulnerability on an Army system allows downloading local files

2016-11-22T00:06:26
ID H1:183978
Type hackerone
Reporter nahamsec
Modified 2017-01-06T21:21:25

Description

A misconfigured Army website may have allowed unauthorized users to remotely download local files, potentially revealing sensitive system or user information. Nahamsec was able to demonstrate this vulnerability by crafting a particularly formatted URL. Thanks Nahamsec!