CS Money: Internal Path Disclosure

Hello Team, I would like to report internal path disclosure in response. I was trying for Stored XSS but got no luck in that process. I observed the responses, one of the responses showing file path with 500 Internal Server Error. Steps To Reproduce: 1. Go to cs.money and sign in through steam...

Semmle: Server side includes in https://lgtm-com.pentesting.semmle.net/internal_api/v0.2/savePublicInformation leads to 500 server error and D-DOS

Summary: Improper sanitizing of input in one of the input forms in https://lgtm-com.pentesting.semmle.net/internalapi/v0.2/savePublicInformation leads to server side include that causes a 500 internal server error and a possible denial of service. Description: After login in to semmle , in other ...

Enter: Error stack trace

Make request removed csrf token in POST data POST /settings HTTP/1.1 Host: wallet.robocoin.com User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:34.0 Gecko/20100101 Firefox/34.0 Accept: / Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type:...