U.S. Dept Of Defense: Bypass file access control vulnerability on a DoD website
2017-02-04T02:05:07
ID H1:203311 Type hackerone Reporter generaleg Modified 2017-04-07T20:05:31
Description
A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @generaleg!
{"h1reporter": {"url": "/generaleg", "hackerone_triager": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/132/911/0bced0d6da4cd47e4d9616023ee67654cd6880a6_small.jpg?1508675544"}, "hacker_mediation": false, "disabled": false, "username": "generaleg", "is_me?": false}, "edition": 6, "title": "U.S. Dept Of Defense: Bypass file access control vulnerability on a DoD website", "bulletinFamily": "bugbounty", "published": "2017-02-04T02:05:07", "lastseen": "2018-04-19T17:34:13", "history": [{"lastseen": "2017-08-28T23:19:24", "bulletin": {"h1reporter": {"url": "/generaleg", "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/132/911/95c0f4e16257af7b3af526759e8495b6ca02feb4_small.jpg?1482842575"}, "hacker_mediation": false, "disabled": false, "username": "generaleg"}, "edition": 2, "title": "U.S. Dept Of Defense: Bypass file access control vulnerability on a DoD website", "bulletinFamily": "bugbounty", "published": "2017-02-04T02:05:07", "lastseen": "2017-08-28T23:19:24", "history": [], "modified": "1970-01-01T00:00:00", "reporter": "generaleg", "hash": "0a2f44f4d8c8ee3569aa27cb12759470672a851e219850e7b7d8ab8a62231509", "viewCount": 0, "bountyState": "resolved", "href": "https://hackerone.com/reports/203311", "type": "hackerone", "description": "A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. 
Thanks @generaleg!", "bounty": 0.0, "hashmap": [{"key": "h1team", "hash": "ad8d2423282258374106da04d116ce14"}, {"key": "description", "hash": "69bd39e3c12851c5f07ad92f848fc105"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}, {"key": "published", "hash": "6a47fdda9988e5ec963970b7cdfa65c4"}, {"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "href", "hash": "4936f45963d3b3c35d37d30c7792c5ce"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "modified", "hash": "fe3f171f649be7d45d9d11d3f5d45695"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "h1reporter", "hash": "c5a7f0bc39919ef5957dc44c21d4d835"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "title", "hash": "94f9e343abc36d47fa9febb6229e932f"}, {"key": "reporter", "hash": "5e20b787e51b97c07ca67d5743cb9fc6"}, {"key": "bountyState", "hash": "fafdd4fbb3fee9a56e17d43689f48d18"}], "references": [], "objectVersion": "1.3", "enchantments": {}, "h1team": {"url": "https://hackerone.com/deptofdefense", "handle": "deptofdefense", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/016/064/3ce323292157404a24a24ff6f728eb0896950f2a_small.png?1477763288", "medium": "https://profile-photos.hackerone-user-content.com/production/000/016/064/6a9705b6496b1e2af08100674a0985bd20ea3879_medium.png?1477763288"}}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "H1:203311"}, "differentElements": ["modified"], "edition": 2}, {"lastseen": "2017-10-22T16:35:07", "bulletin": {"h1reporter": {"url": "/generaleg", "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/132/911/0bced0d6da4cd47e4d9616023ee67654cd6880a6_small.jpg?1508675544"}, "hacker_mediation": false, "disabled": false, "username": "generaleg"}, "edition": 4, "title": "U.S. 
Dept Of Defense: Bypass file access control vulnerability on a DoD website", "bulletinFamily": "bugbounty", "published": "2017-02-04T02:05:07", "lastseen": "2017-10-22T16:35:07", "history": [], "modified": "2017-04-07T20:05:31", "reporter": "generaleg", "hash": "a5fc9dd969f22322a9ef18c462410bc4100be2e6696cc661527c3b7a68407a77", "viewCount": 0, "bountyState": "resolved", "href": "https://hackerone.com/reports/203311", "type": "hackerone", "description": "A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @generaleg!", "bounty": 0.0, "hashmap": [{"key": "h1reporter", "hash": "129f0bffecebe192abb998f1855c19bb"}, {"key": "modified", "hash": "486432024a442d05102de5c34eef389e"}, {"key": "h1team", "hash": "ad8d2423282258374106da04d116ce14"}, {"key": "description", "hash": "69bd39e3c12851c5f07ad92f848fc105"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}, {"key": "published", "hash": "6a47fdda9988e5ec963970b7cdfa65c4"}, {"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "href", "hash": "4936f45963d3b3c35d37d30c7792c5ce"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "title", "hash": "94f9e343abc36d47fa9febb6229e932f"}, {"key": "reporter", "hash": "5e20b787e51b97c07ca67d5743cb9fc6"}, {"key": "bountyState", "hash": "fafdd4fbb3fee9a56e17d43689f48d18"}], "references": [], "objectVersion": "1.3", "enchantments": {"score": {"value": 6.1, "modified": "2017-10-22T16:35:07"}}, "h1team": {"url": "https://hackerone.com/deptofdefense", "handle": "deptofdefense", "profile_picture_urls": {"small": 
"https://profile-photos.hackerone-user-content.com/production/000/016/064/3ce323292157404a24a24ff6f728eb0896950f2a_small.png?1477763288", "medium": "https://profile-photos.hackerone-user-content.com/production/000/016/064/6a9705b6496b1e2af08100674a0985bd20ea3879_medium.png?1477763288"}}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "H1:203311"}, "differentElements": ["h1reporter"], "edition": 4}, {"lastseen": "2017-08-29T13:11:23", "bulletin": {"h1reporter": {"url": "/generaleg", "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/132/911/95c0f4e16257af7b3af526759e8495b6ca02feb4_small.jpg?1482842575"}, "hacker_mediation": false, "disabled": false, "username": "generaleg"}, "edition": 3, "title": "U.S. Dept Of Defense: Bypass file access control vulnerability on a DoD website", "bulletinFamily": "bugbounty", "published": "2017-02-04T02:05:07", "lastseen": "2017-08-29T13:11:23", "history": [], "modified": "2017-04-07T20:05:31", "reporter": "generaleg", "hash": "26fa64245081a1bea29039bcef7a8e47a7c9816997c3b223b50c5905e5b59fa7", "viewCount": 0, "bountyState": "resolved", "href": "https://hackerone.com/reports/203311", "type": "hackerone", "description": "A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. 
Thanks @generaleg!", "bounty": 0.0, "hashmap": [{"key": "modified", "hash": "486432024a442d05102de5c34eef389e"}, {"key": "h1team", "hash": "ad8d2423282258374106da04d116ce14"}, {"key": "description", "hash": "69bd39e3c12851c5f07ad92f848fc105"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}, {"key": "published", "hash": "6a47fdda9988e5ec963970b7cdfa65c4"}, {"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "href", "hash": "4936f45963d3b3c35d37d30c7792c5ce"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "h1reporter", "hash": "c5a7f0bc39919ef5957dc44c21d4d835"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "title", "hash": "94f9e343abc36d47fa9febb6229e932f"}, {"key": "reporter", "hash": "5e20b787e51b97c07ca67d5743cb9fc6"}, {"key": "bountyState", "hash": "fafdd4fbb3fee9a56e17d43689f48d18"}], "references": [], "objectVersion": "1.3", "enchantments": {}, "h1team": {"url": "https://hackerone.com/deptofdefense", "handle": "deptofdefense", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/016/064/3ce323292157404a24a24ff6f728eb0896950f2a_small.png?1477763288", "medium": "https://profile-photos.hackerone-user-content.com/production/000/016/064/6a9705b6496b1e2af08100674a0985bd20ea3879_medium.png?1477763288"}}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "H1:203311"}, "differentElements": ["h1reporter"], "edition": 3}, {"lastseen": "2017-08-22T11:09:39", "bulletin": {"h1reporter": {"disabled": false, "url": "/generaleg", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/132/911/95c0f4e16257af7b3af526759e8495b6ca02feb4_small.jpg?1482842575"}, "hacker_mediation": false, "username": "generaleg"}, "edition": 1, "title": "U.S. 
Dept Of Defense: Bypass file access control vulnerability on a DoD website", "bulletinFamily": "bugbounty", "published": "2017-02-04T02:05:07", "lastseen": "2017-08-22T11:09:39", "history": [], "modified": "1970-01-01T00:00:00", "reporter": "generaleg", "hash": "8dbdd268eb3667422a8f6140f8d455469522ccf2000b24cd654fd857d0157c67", "viewCount": 0, "bountyState": "resolved", "href": "https://hackerone.com/reports/203311", "type": "hackerone", "description": "A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @generaleg!", "bounty": 0.0, "hashmap": [{"key": "h1reporter", "hash": "d1a56e2854aa1868ffd02d1e89866620"}, {"key": "h1team", "hash": "ad8d2423282258374106da04d116ce14"}, {"key": "description", "hash": "69bd39e3c12851c5f07ad92f848fc105"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}, {"key": "published", "hash": "6a47fdda9988e5ec963970b7cdfa65c4"}, {"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "href", "hash": "4936f45963d3b3c35d37d30c7792c5ce"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "modified", "hash": "fe3f171f649be7d45d9d11d3f5d45695"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "title", "hash": "94f9e343abc36d47fa9febb6229e932f"}, {"key": "reporter", "hash": "5e20b787e51b97c07ca67d5743cb9fc6"}, {"key": "bountyState", "hash": "fafdd4fbb3fee9a56e17d43689f48d18"}], "references": [], "objectVersion": "1.3", "enchantments": {}, "h1team": {"url": "https://hackerone.com/deptofdefense", "handle": "deptofdefense", "profile_picture_urls": {"small": 
"https://profile-photos.hackerone-user-content.com/production/000/016/064/3ce323292157404a24a24ff6f728eb0896950f2a_small.png?1477763288", "medium": "https://profile-photos.hackerone-user-content.com/production/000/016/064/6a9705b6496b1e2af08100674a0985bd20ea3879_medium.png?1477763288"}}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "H1:203311"}, "differentElements": ["h1reporter"], "edition": 1}, {"lastseen": "2018-02-07T16:57:59", "bulletin": {"h1reporter": {"url": "/generaleg", "hackerone_triager": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/132/911/0bced0d6da4cd47e4d9616023ee67654cd6880a6_small.jpg?1508675544"}, "hacker_mediation": false, "disabled": false, "username": "generaleg", "is_me?": false}, "edition": 5, "title": "U.S. Dept Of Defense: Bypass file access control vulnerability on a DoD website", "bulletinFamily": "bugbounty", "published": "2017-02-04T02:05:07", "lastseen": "2018-02-07T16:57:59", "history": [], "modified": "2017-04-07T20:05:31", "reporter": "generaleg", "hash": "f40c6c69d5884ac63d705dea1e33e6da7503bca14b0f26eb099ba8551eb8b367", "viewCount": 0, "bountyState": "resolved", "href": "https://hackerone.com/reports/203311", "type": "hackerone", "description": "A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. 
Thanks @generaleg!", "bounty": 0.0, "hashmap": [{"key": "h1reporter", "hash": "807d510960774dc523cb627552e2f77d"}, {"key": "modified", "hash": "486432024a442d05102de5c34eef389e"}, {"key": "h1team", "hash": "ad8d2423282258374106da04d116ce14"}, {"key": "description", "hash": "69bd39e3c12851c5f07ad92f848fc105"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}, {"key": "published", "hash": "6a47fdda9988e5ec963970b7cdfa65c4"}, {"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "href", "hash": "4936f45963d3b3c35d37d30c7792c5ce"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "title", "hash": "94f9e343abc36d47fa9febb6229e932f"}, {"key": "reporter", "hash": "5e20b787e51b97c07ca67d5743cb9fc6"}, {"key": "bountyState", "hash": "fafdd4fbb3fee9a56e17d43689f48d18"}], "references": [], "objectVersion": "1.3", "enchantments": {"score": {"vector": "AV:N/AC:L/Au:M/C:C/I:C/A:C/", "value": 8.3, "modified": "2018-02-07T16:57:59"}}, "h1team": {"url": "https://hackerone.com/deptofdefense", "handle": "deptofdefense", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/016/064/3ce323292157404a24a24ff6f728eb0896950f2a_small.png?1477763288", "medium": "https://profile-photos.hackerone-user-content.com/production/000/016/064/6a9705b6496b1e2af08100674a0985bd20ea3879_medium.png?1477763288"}}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "H1:203311"}, "differentElements": ["h1team", "h1reporter"], "edition": 5}], "modified": "2017-04-07T20:05:31", "reporter": "generaleg", "hash": "edd55f25629e1ca2f516ef8ab25bedbd03609067539c0af8670aa80c74a93d15", "viewCount": 0, "bountyState": "resolved", "href": "https://hackerone.com/reports/203311", "description": "A DoD website was 
configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @generaleg!", "type": "hackerone", "hashmap": [{"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "bountyState", "hash": "fafdd4fbb3fee9a56e17d43689f48d18"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "69bd39e3c12851c5f07ad92f848fc105"}, {"key": "h1reporter", "hash": "255a0720abcd836b6aec335988e4bca6"}, {"key": "h1team", "hash": "e5d287fa75430fcb9ac38bdf5e2363e6"}, {"key": "href", "hash": "4936f45963d3b3c35d37d30c7792c5ce"}, {"key": "modified", "hash": "486432024a442d05102de5c34eef389e"}, {"key": "published", "hash": "6a47fdda9988e5ec963970b7cdfa65c4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "5e20b787e51b97c07ca67d5743cb9fc6"}, {"key": "title", "hash": "94f9e343abc36d47fa9febb6229e932f"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}], "references": [], "objectVersion": "1.3", "bounty": 0.0, "enchantments": {"score": {"vector": "NONE", "value": 4.3}, "dependencies": {"references": [], "modified": "2018-04-19T17:34:13"}, "vulnersScore": 4.3}, "h1team": {"url": "https://hackerone.com/deptofdefense", "handle": "deptofdefense", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/016/064/3ce323292157404a24a24ff6f728eb0896950f2a_small.png?1477763288", "medium": "https://profile-photos.hackerone-user-content.com/000/016/064/6a9705b6496b1e2af08100674a0985bd20ea3879_medium.png?1477763288"}}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "H1:203311"}