Paragon Initiative Enterprises: Full Path Disclosure on https://airship.paragonie.com
2017-05-06T08:17:30
ID H1:226514 Type hackerone Reporter ruisilva Modified 2017-05-07T01:41:36
Description
Hi, I found a full path disclosure vulnerability on https://airship.paragonie.com
To reproduce this vulnerability, go to: https://airship.paragonie.com/my/cabins
You will see an uncaught error whose stack trace exposes the server's absolute file paths and internal class names, something like this: Class '\ParagonIE\Airship\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\Tuner\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\Tuner\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\Tuner\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\Tuner\Router::route(Array) #4 {main}
See the attached file.
Thanks
{"id": "H1:226514", "hash": "ba3df2d2708fb61a31ca810b40026d8b", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class '\\ParagonIE\\Airship\\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "published": "2017-05-06T08:17:30", "modified": "2017-05-07T01:41:36", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/226514", "reporter": "ruisilva", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:13", "history": [{"lastseen": "2017-08-28T23:19:24", "bulletin": {"id": "H1:226514", "hash": "96a89c6a4c090ae70ef1f3808415a6aa0312a3531016a9b3a70e0082959b2fe5", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class '\\ParagonIE\\Airship\\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): 
ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "published": "2017-05-06T08:17:30", "modified": "1970-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/226514", "reporter": "ruisilva", "references": [], "cvelist": [], "lastseen": "2017-08-28T23:19:24", "history": [], "viewCount": 16, "enchantments": {}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "informative", "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/production/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "disabled": false, "is_me?": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "username": "ruisilva"}}, "differentElements": ["modified"], "edition": 2}, {"lastseen": "2018-02-07T16:57:59", "bulletin": {"id": "H1:226514", "hash": "453b618d5d20b51948932ca028e71377fcd80aa1885735f429be25cbd7aaf7af", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class '\\ParagonIE\\Airship\\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, 
Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "published": "2017-05-06T08:17:30", "modified": "2017-05-07T01:41:36", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/226514", "reporter": "ruisilva", "references": [], "cvelist": [], "lastseen": "2018-02-07T16:57:59", "history": [], "viewCount": 16, "enchantments": {"score": {"value": 6.3, "modified": "2018-02-07T16:57:59", "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C/"}}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "informative", "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/production/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "username": "ruisilva"}}, "differentElements": ["h1team"], "edition": 4}, {"lastseen": "2017-08-22T11:09:40", "bulletin": {"id": "H1:226514", "hash": "92466501e1593306968e21a8ff564ff59abd06e91f0f120fb5b289ae5441a4b7", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class '\\ParagonIE\\Airship\\Cabins' not found #0 
/var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "published": "2017-05-06T08:17:30", "modified": "1970-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/226514", "reporter": "ruisilva", "references": [], "cvelist": [], "lastseen": "2017-08-22T11:09:40", "history": [], "viewCount": 16, "enchantments": {}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "informative", "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/production/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "disabled": false, "username": "ruisilva"}}, "differentElements": ["h1reporter"], "edition": 1}, {"lastseen": "2017-08-29T13:11:23", "bulletin": {"id": "H1:226514", "hash": "ed11ff4437d68940352e3168983c04d34e51fb2409f391f2e1c82ae798d58423", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Paragon Initiative Enterprises: Full Path Disclousure on https://airship.paragonie.com", "description": "Hi , i found an full path disclousure vulnerability on https://airship.paragonie.com\n\nFor reproduce this vulnerability go to: https://airship.paragonie.com/my/cabins\nYou will see something like this : Class 
'\\ParagonIE\\Airship\\Cabins' not found #0 /var/www/paragonie/framework/Router.php(236): ParagonIE\\Tuner\\Router::passArgs(Array, Array, Array) #1 /var/www/paragonie/framework/Router.php(150): ParagonIE\\Tuner\\Router::serve(Array, Array, Array) #2 /var/www/paragonie/framework/Router.php(107): ParagonIE\\Tuner\\Router::site(Array) #3 /var/www/paragonie/public_html/index.php(26): ParagonIE\\Tuner\\Router::route(Array) #4 {main}\n\nSee attached file \nThanks ", "published": "2017-05-06T08:17:30", "modified": "2017-05-07T01:41:36", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/226514", "reporter": "ruisilva", "references": [], "cvelist": [], "lastseen": "2017-08-29T13:11:23", "history": [], "viewCount": 16, "enchantments": {"score": {"value": 6.5, "modified": "2017-08-29T13:11:23"}}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "informative", "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/production/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "disabled": false, "is_me?": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "username": "ruisilva"}}, "differentElements": ["h1reporter"], "edition": 3}], "viewCount": 17, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2018-04-19T17:34:13"}, "dependencies": {"references": [], "modified": "2018-04-19T17:34:13"}, "vulnersScore": 0.2}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "informative", "h1team": {"url": "https://hackerone.com/paragonie", "handle": "paragonie", "profile_picture_urls": {"small": 
"https://profile-photos.hackerone-user-content.com/000/008/539/a041268a04bb7a5c3d3a88a9dccc6b5955eff4d7_small.?1453010804", "medium": "https://profile-photos.hackerone-user-content.com/000/008/539/17d54b48e116d815fd72bc29f2cd71df6b3659ad_medium.?1453010804"}}, "h1reporter": {"url": "/ruisilva", "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "username": "ruisilva"}, "_object_type": "robots.models.hackerone.HackerOneBulletin", "_object_types": ["robots.models.hackerone.HackerOneBulletin", "robots.models.base.Bulletin"]}