Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

Critically Sensitive Data - Password Disclosure

POC

  • During directory brute forcing, observe that the /xxx directory reveals passwords in cleartext. Check for any directory that may reveal sensitive data by directory brute forcing: dirsearch -e all -t 5 -u
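The same finding can be caught from the defender's side before deployment. The following is an added example, not part of the original wiki entry or any Cobalt tooling: a heuristic audit of a web document root for files holding cleartext password values. The function names, regexes and sample files are constructed assumptions.

```python
import os
import re
import tempfile

# Heuristic: key/value lines such as "password = x" or "db_pass: x".
CRED_RE = re.compile(
    r"(?i)\b([\w.-]*(?:passw(?:or)?d|pwd|pass)[\w.-]*)\s*[:=]\s*[\"']?([^\s\"']+)")
# Values that look hashed, not cleartext: bcrypt, crypt(3) $id$, argon2, long hex.
HASH_RE = re.compile(r"^(\$2[aby]\$|\$[156]\$|\$argon2|[0-9a-fA-F]{32,}$)")

def find_cleartext_passwords(web_root):
    """Return sorted (relative_path, line_no, key) for cleartext-looking values."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    for line_no, line in enumerate(fh, 1):
                        for key, value in CRED_RE.findall(line):
                            if not HASH_RE.match(value):
                                rel = os.path.relpath(full, web_root)
                                findings.append((rel, line_no, key))
            except OSError:
                continue  # unreadable file: skip it, keep auditing the rest
    return sorted(findings)

def demo():
    """Build a constructed web root (sample data only) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backup"))
        with open(os.path.join(root, "backup", "users.txt"), "w") as fh:
            fh.write("user=alice\npassword=Summer2024!\n")  # cleartext: flagged
        with open(os.path.join(root, "app.conf"), "w") as fh:
            fh.write("admin_password: $2b$12$abcdefghijklmnopqrstuv\n")  # hashed
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>Welcome</h1>\n")
        return find_cleartext_passwords(root)

if __name__ == "__main__":
    for path, line_no, key in demo():
        print(f"{path}:{line_no}: cleartext value for '{key}'")
```

Any hit inside a directory the web server serves should be moved out of the document root or placed behind access control, and the exposed password rotated.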

Impact

High

Likelihood

High