U.S. Dept Of Defense: Local File Inclusion vulnerability on an Army system allows downloading local files

ID H1:183978
Type hackerone
Reporter nahamsec
Modified 2017-01-06T21:21:25


A misconfigured Army website may have allowed unauthorized users to remotely download local files, potentially revealing sensitive system or user information. Nahamsec was able to demonstrate this vulnerability by crafting a particularly formatted URL. Thanks Nahamsec!