42 matches found
redmine -- information leak vulnerability
Redmine reports: Potential data leak project names in the invalid form authenticity token error screen...
HackerOne: A password reset page does not properly validate the authenticity token at the server side.
Go to https://hackerone.com/users/password/new and request a new password. 2. go to email, and click on the link. 3. put the new password, submit and intercept the request; remove the authenticity token from the request and now forward it to the server. 4. you will see request still got...