Summary by Indeed
Manipulation of an HTTP header caused information disclosure of internal assets at an endpoint.
Infomation Disclousere with Authorization Bypass via Header
Disclosed by sarpdora23- Engagement Indeed
- Disclosed date 8 months ago
- Reward $1,000
- Priority P3 Bugcrowd's VRT priority rating
- Status Resolved This vulnerability has been accepted and fixed
Summary by sarpdora23
I found subdomain which belonga company internal api. When user try to access page, Usret get 401. However It can be bypassed with headers .