BugCrowd Bug Bounty Disclosure: P5 – Information Disclosure via url tampering – By murderfalcon
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct at the time of posting.
Program
Program Information

doi vdp
Details
Additional Information
- Priority: P5
While doing some security research I stumbled upon some information via manual URL tampering. This information MAY be public knowledge, which is why I submitted this as informational.

After researching, it appears that this is a function of Pulse Connect Secure, as it allows the creation of a custom help page. But since there doesn't appear to be any "help" links on the login page, I'm not sure if this function needs to be enabled, so I figured it would be a good idea to report it. Mainly because it seems to give away the username format, links to what appear to be VPNs, as well as the direct e-mail of who to contact if there was an issue logging in. This information may be of use for bad actors.

To reproduce the issue, just visit the link https://pm.doi.gov/dana-na/auth/url_c8x42cdx6wWwu0xF/welcome.cgi?p=help

The original URL passed the parameter p=no_cert; I changed that to p=help.
Submitted By
Submitter Information
- Hacker Points: 0
- Hacker Accuracy: 100.0%
- Hacker Rank: 119639th
murderfalcon