ID H1:226514Type hackeroneReporter ruisilvaModified 2017-05-07T01:41:36
Description
Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com
For reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins
You will see something like this : Class '\ParagonIE\Airship\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\Tuner\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\Tuner\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\Tuner\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\Tuner\Router::route(Array) #4 {main}
See attached file
Thanks
{"bountyState": "informative", "bulletinFamily": "bugbounty", "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "username": "ruisilva"}, "viewCount": 17, "reporter": "ruisilva", "references": [], "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class '\\ParagonIE\\Airship\\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "hashmap": [{"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "bountyState", "hash": "46a32b6ca1227591b068c0ff66424b4a"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "9a327743315925d2785657073897ee62"}, {"key": "h1reporter", "hash": "e879a10461a1778b79ed7b8e56ed890c"}, {"key": "h1team", "hash": "30e122c6b38a5487c4df948efec27471"}, {"key": "href", "hash": "b7a02fc265fecf7af2e332fe46ea5aeb"}, {"key": "modified", "hash": "debbddba69e2d3fd5f5ffe9e6bb2a787"}, {"key": "published", "hash": "b6e8fc5f5eb60dec94925c4a05cedb90"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b7ac964ce929cb6eed7089c878ccd151"}, {"key": "title", "hash": "0f2aaffd337b8c678dba78fe66f316d3"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}], "href": "https://hackerone.com/reports/226514", "modified": "2017-05-07T01:41:36", "objectVersion": "1.3", "bounty": 0.0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "id": "H1:226514", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "hash": "8461fb297d99ee5ff70a5fa13dd59793c5d02765c4a7f0df025124c099a0c187", "edition": 5, "published": "2017-05-06T08:17:30", "type": "hackerone", "history": [{"lastseen": "2017-08-28T23:19:24", "bulletin": {"bountyState": "informative", "bulletinFamily": "bugbounty", "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "disabled": false, "is_me?": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "username": "ruisilva"}, "viewCount": 16, "reporter": "ruisilva", "references": [], "cvelist": [], "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class '\\ParagonIE\\Airship\\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "hashmap": [{"key": "title", "hash": "0f2aaffd337b8c678dba78fe66f316d3"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}, {"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "9a327743315925d2785657073897ee62"}, {"key": "href", "hash": "b7a02fc265fecf7af2e332fe46ea5aeb"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "h1team", "hash": "b218e1bd77b6b3f53569e8f63365d3d4"}, {"key": "modified", "hash": "fe3f171f649be7d45d9d11d3f5d45695"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "h1reporter", "hash": "60623d7e536f80619ce7aa7b41f72183"}, {"key": "bountyState", "hash": "46a32b6ca1227591b068c0ff66424b4a"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "reporter", "hash": "b7ac964ce929cb6eed7089c878ccd151"}, {"key": "published", "hash": "b6e8fc5f5eb60dec94925c4a05cedb90"}], "href": "https://hackerone.com/reports/226514", "modified": "1970-01-01T00:00:00", "objectVersion": "1.3", "bounty": 0.0, "enchantments": {}, "id": "H1:226514", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "hash": "96a89c6a4c090ae70ef1f3808415a6aa0312a3531016a9b3a70e0082959b2fe5", "edition": 2, "published": "2017-05-06T08:17:30", "type": "hackerone", "history": [], "cvss": {"score": 0.0, "vector": "NONE"}, "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/production/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "lastseen": "2017-08-28T23:19:24"}, "differentElements": ["modified"], "edition": 2}, {"lastseen": "2018-02-07T16:57:59", "bulletin": {"bountyState": "informative", "bulletinFamily": "bugbounty", "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "username": "ruisilva"}, "viewCount": 16, "reporter": "ruisilva", "references": [], "cvelist": [], "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class '\\ParagonIE\\Airship\\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "hashmap": [{"key": "title", "hash": "0f2aaffd337b8c678dba78fe66f316d3"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}, {"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "9a327743315925d2785657073897ee62"}, {"key": "href", "hash": "b7a02fc265fecf7af2e332fe46ea5aeb"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "h1team", "hash": "b218e1bd77b6b3f53569e8f63365d3d4"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "h1reporter", "hash": "e879a10461a1778b79ed7b8e56ed890c"}, {"key": "modified", "hash": "debbddba69e2d3fd5f5ffe9e6bb2a787"}, {"key": "bountyState", "hash": "46a32b6ca1227591b068c0ff66424b4a"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "reporter", "hash": "b7ac964ce929cb6eed7089c878ccd151"}, {"key": "published", "hash": "b6e8fc5f5eb60dec94925c4a05cedb90"}], "href": "https://hackerone.com/reports/226514", "modified": "2017-05-07T01:41:36", "objectVersion": "1.3", "bounty": 0.0, "enchantments": {"score": {"value": 6.3, "modified": "2018-02-07T16:57:59", "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C/"}}, "id": "H1:226514", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "hash": "453b618d5d20b51948932ca028e71377fcd80aa1885735f429be25cbd7aaf7af", "edition": 4, "published": "2017-05-06T08:17:30", "type": "hackerone", "history": [], "cvss": {"score": 0.0, "vector": "NONE"}, "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/production/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "lastseen": "2018-02-07T16:57:59"}, "differentElements": ["h1team"], "edition": 4}, {"lastseen": "2017-08-22T11:09:40", "bulletin": {"bountyState": "informative", "bulletinFamily": "bugbounty", "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "disabled": false, "username": "ruisilva"}, "viewCount": 16, "reporter": "ruisilva", "references": [], "cvelist": [], "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class '\\ParagonIE\\Airship\\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "hashmap": [{"key": "title", "hash": "0f2aaffd337b8c678dba78fe66f316d3"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}, {"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "h1reporter", "hash": "3f455c386c1946f06e7017a58926f8ef"}, {"key": "description", "hash": "9a327743315925d2785657073897ee62"}, {"key": "href", "hash": "b7a02fc265fecf7af2e332fe46ea5aeb"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "h1team", "hash": "b218e1bd77b6b3f53569e8f63365d3d4"}, {"key": "modified", "hash": "fe3f171f649be7d45d9d11d3f5d45695"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bountyState", "hash": "46a32b6ca1227591b068c0ff66424b4a"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "reporter", "hash": "b7ac964ce929cb6eed7089c878ccd151"}, {"key": "published", "hash": "b6e8fc5f5eb60dec94925c4a05cedb90"}], "href": "https://hackerone.com/reports/226514", "modified": "1970-01-01T00:00:00", "objectVersion": "1.3", "bounty": 0.0, "enchantments": {}, "id": "H1:226514", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "hash": "92466501e1593306968e21a8ff564ff59abd06e91f0f120fb5b289ae5441a4b7", "edition": 1, "published": "2017-05-06T08:17:30", "type": "hackerone", "history": [], "cvss": {"score": 0.0, "vector": "NONE"}, "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/production/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "lastseen": "2017-08-22T11:09:40"}, "differentElements": ["h1reporter"], "edition": 1}, {"lastseen": "2017-08-29T13:11:23", "bulletin": {"bountyState": "informative", "bulletinFamily": "bugbounty", "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "disabled": false, "is_me?": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "username": "ruisilva"}, "viewCount": 16, "reporter": "ruisilva", "references": [], "cvelist": [], "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class '\\ParagonIE\\Airship\\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "hashmap": [{"key": "title", "hash": "0f2aaffd337b8c678dba78fe66f316d3"}, {"key": "type", "hash": "ec83c92514064cbcd1d6878e7bc2471a"}, {"key": "bounty", "hash": "30565a8911a6bb487e3745c0ea3c8224"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "9a327743315925d2785657073897ee62"}, {"key": "href", "hash": "b7a02fc265fecf7af2e332fe46ea5aeb"}, {"key": "bulletinFamily", "hash": "05ada9a7482161942c43eadd60b0440c"}, {"key": "h1team", "hash": "b218e1bd77b6b3f53569e8f63365d3d4"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "h1reporter", "hash": "60623d7e536f80619ce7aa7b41f72183"}, {"key": "modified", "hash": "debbddba69e2d3fd5f5ffe9e6bb2a787"}, {"key": "bountyState", "hash": "46a32b6ca1227591b068c0ff66424b4a"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "reporter", "hash": "b7ac964ce929cb6eed7089c878ccd151"}, {"key": "published", "hash": "b6e8fc5f5eb60dec94925c4a05cedb90"}], "href": "https://hackerone.com/reports/226514", "modified": "2017-05-07T01:41:36", "objectVersion": "1.3", "bounty": 0.0, "enchantments": {"score": {"value": 6.5, "modified": "2017-08-29T13:11:23"}}, "id": "H1:226514", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "hash": "ed11ff4437d68940352e3168983c04d34e51fb2409f391f2e1c82ae798d58423", "edition": 3, "published": "2017-05-06T08:17:30", "type": "hackerone", "history": [], "cvss": {"score": 0.0, "vector": "NONE"}, "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/production/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "lastseen": "2017-08-29T13:11:23"}, "differentElements": ["h1reporter"], "edition": 3}], "cvss": {"score": 0.0, "vector": "NONE"}, "cvelist": [], "lastseen": "2018-04-19T17:34:13"}
{}
