Hello Team, I would like to report an internal path disclosure in a response. I was trying for Stored XSS but had no luck in that process. I observed the responses, and one of them shows a file path with a 500 Internal Server Error.
Content-Disposition: form-data; name="file"; filename="/../../../../../.html"
Content-Type: image text/html
Content-Type: text/html
5. After editing, forward the request and observe the response.
6. The response is 500 Internal Server Error with these two paths in the response.
This issue is not a major threat to security, but this information usually contains sensitive information.
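
The server-side fix for the behaviour reported above, as an added example that is not code from this report or from the affected application. The report does not name the server stack, so the handler is hypothetical Python, and `UPLOAD_ROOT`, `safe_name`, `upload_leaky` and `upload_hardened` are assumed names; the weak form is shown beside the corrected one.

```python
import logging
import os
import uuid

log = logging.getLogger("upload")
UPLOAD_ROOT = "/srv/app/uploads"  # constructed path, not taken from the report


def safe_name(client_filename):
    """Reduce a client-supplied filename to a bare name; None if unusable."""
    # Treat both separators as path separators, whatever the host OS is.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Reject empty names, dot-files and control characters instead of guessing.
    if not base or base.startswith(".") or any(ord(c) < 32 for c in base):
        return None
    return base


def upload_leaky(client_filename, data, root=UPLOAD_ROOT):
    """Weak form: raw filename reaches the filesystem, error text reaches the client."""
    try:
        with open(root + "/" + client_filename, "wb") as fh:
            fh.write(data)
    except OSError as exc:
        return 500, str(exc)  # the message embeds the full server-side path
    return 201, "stored"


def upload_hardened(client_filename, data, root=UPLOAD_ROOT):
    """Validate the name first; on failure log details, return only a reference."""
    name = safe_name(client_filename)
    if name is None:
        return 400, "invalid filename"  # a client error, not an unhandled 500
    dest = os.path.join(root, name)
    try:
        with open(dest, "wb") as fh:
            fh.write(data)
    except OSError:
        ref = uuid.uuid4().hex
        # Path and traceback stay in the server log, keyed by the reference.
        log.exception("upload failed ref=%s dest=%s", ref, dest)
        return 500, "internal error, reference " + ref
    return 201, "stored"
```

The reference id lets support staff find the logged path and traceback without the response body ever carrying them.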