image dsbw
Request Assessment

get personal information of workers



Published il y a 3 mois

image de get personal information of workers

Hi, This is DevSecure Team ,we specialize in uncovering hidden vulnerabilities that pose real-world risks to modern web applications.
All vulnerabilities shared in these write-ups are fully redacted — any company names, domains, or sensitive details are replaced with placeholders such as company.com. Each finding was responsibly disclosed through the Intigriti platform and has been verified and resolved by the affected vendor.

Every post represents our commitment to ethical hacking, responsible disclosure, and continuous learning, helping organizations strengthen their defenses while contributing to a safer global cybersecurity ecosystem.

1/ go to this endpoint
https://company.com/search?p_p_lifecycle=0&saveLastPath=true&q=cv&type=com.liferay.document.library.kernel.model.DLFileEntry&type=com.liferay.document.library.kernel.model.DLFolder

you can search for anything i chose CV

than from there you will get cvs information chose any cv with picture
open the cv Thumbnail pic in new window

i chose this one
https://company.com/documents/22/12/CV__user_Creative_Designer_2022-10-30_11-1-5.pdf/00000000-0000-0000-0000-000000000000?version=1.0&t=1667129775732&documentThumbnail=1

set documentThumbnail=1 to documentThumbnail=0

now you have all informations about any one send their cv to the company about 4200 result i found

Impact
full information disclosure

Platform : Intigriti
Timeline :
Reported: 23/11/2022
Triaged: 24/11/2022
Accepted & paid: 24/11/2022
Bounty: €750 + €50
https://app.intigriti.com/profile/merroun

More Articles You May Like

Blog Image
IDOR Get any Customer all invoices

1/ create new company and login 2/ go to services-api.company.com/customers/{UUID}/invoices?invoiced=false 3/ change UUI...

Read More →
Blog Image
Extract all users emails end with( @company.com ) with names in DB of Company users

i found a method to get all emails with @company.com in company admin db the method is in 2 steps after login as admin 1...

Read More →
Blog Image
Export Subscription Application Instance List ( with internal host ) and SupportCompanySearchCustomers

Export Support Company Search Subscription Application Instance List and Support Company Search Customers Tunnels List...

Read More →