Paragon Initiative Enterprises: Full directory path listing

2017-05-20T08:15:30
ID H1:230098
Type hackerone
Reporter pahan1234
Modified 2017-05-20T21:53:04

Description

Steps:

  1. Go to https://bridge.cspr.ng/login and enter your username and password.
  2. Click "LogIn" and intercept the request.
  3. Change the value in the Cookie header and add a ' (single quote) in the PHPSESSID field, e.g. PHPSESSID=kn7e21dpp2ocai2ckn1v147qev'
  4. Forward the packet and see that the full path is disclosed {F186342}