3 matches found
Top Echelon Software: Clickjacking in main domain https://topechelon.com/
The target website was vulnerable to Clickjacking, a web-based attack that tricked users into interacting with a hidden or disguised iframe. The vulnerability could have been exploited to manipulate user actions, potentially leading to unauthorized activities...
Top Echelon Software: Public and secret api key leaked in JavaScript source
Summary: Summary the vulnerabilities I am surfing on the bb3jobboard.topechelon.com website. I found a sensitive data including authentication key written in public accessible javascript file. URL Vulnerability https://bb3jobboard.topechelon.com/!/search?page=1 Steps To Reproduce: Open...
Top Echelon Software: Disable xmlrpc.php file
Summary: xmlrpc.php can be used for portscanning or bruteforce attacks. Better is to hide this file. Steps To Reproduce: 1. Go to https://www.topechelon.com/xmlrpc.php 2. send a post request. POST /xmlrpc.php HTTP/1.1 Host: www.topechelon.com User-Agent: Mozilla/5.0 X11; Linux x8664; rv:60.0...