Skyport Systems: Nginx version disclosure via forbidden page
2016-12-28T04:55:03
ID H1:194319 Type hackerone Reporter overlax Modified 2017-02-07T18:17:40
Description
This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.
Impact:
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Steps to reproduce:
1. Go to https://skycontrol.skyportsystems.com/images/shell/
2. Now the nginx version shows in bottom.
{"id": "H1:194319", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Skyport Systems: Nginx version disclosure via forbidden page ", "description": "This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.\n\nImpact: \nAn attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.\n\n\nSteps to reproduce: \n1. Go to ```https://skycontrol.skyportsystems.com/images/shell/```\n2. Now the nginx version shows in bottom. \n\n", "published": "2016-12-28T04:55:03", "modified": "2017-02-07T18:17:40", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/194319", "reporter": "overlax", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:13", "viewCount": 3, "enchantments": {"score": {"value": 2.0, "vector": "NONE", "modified": "2018-04-19T17:34:13", "rev": 2}, "dependencies": {"references": [], "modified": "2018-04-19T17:34:13", "rev": 2}, "vulnersScore": 2.0}, "bounty": 25.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/001/256/b7d62350008b291c01cefafd0ca964d4d4af28b4_medium.png?1428684798", "small": "https://profile-photos.hackerone-user-content.com/000/001/256/c0b94a9e73fff9ccb4de1d19193b54a6e343d94c_small.png?1428684798"}, "url": "https://hackerone.com/skyportsystems", "handle": "skyportsystems"}, "h1reporter": {"disabled": false, "url": "/overlax", "username": "overlax", "hackerone_triager": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/132/927/7f85f94dc64627697044208cd25b9011f8bc1a98_small.png?1491994503"}, "hacker_mediation": false, "is_me?": false}}