U.S. Dept Of Defense: Bypass file access control vulnerability on a DoD website

2017-02-04T02:05:07
ID H1:203311
Type hackerone
Reporter generaleg
Modified 2017-04-07T20:05:31

Description

A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @generaleg!