image dsbw
Request Assessment

sensitive information disclosure in document user informations including user signature



Published il y a 3 mois

image de sensitive information disclosure in document user informations including user signature

Hi, This is DevSecure Team ,we specialize in uncovering hidden vulnerabilities that pose real-world risks to modern web applications.
All vulnerabilities shared in these write-ups are fully redacted — any company names, domains, or sensitive details are replaced with placeholders such as company.com. Each finding was responsibly disclosed through the Intigriti platform and has been verified and resolved by the affected vendor.

Every post represents our commitment to ethical hacking, responsible disclosure, and continuous learning, helping organizations strengthen their defenses while contributing to a safer global cybersecurity ecosystem.

in this article i will share how easy some bounties could be
POC
this document should not be public in the internet i find it using google
in this document ther is a lot of information about this user including digital signature

https://www.info.company.com/pathtopdfhere.pdf

you can find this document in google searching

site:info.company.com filetype:pdf
https://app.intigriti.com/profile/merroun

More Articles You May Like

Blog Image
IDOR Get any Customer all invoices

1/ create new company and login 2/ go to services-api.company.com/customers/{UUID}/invoices?invoiced=false 3/ change UUI...

Read More →
Blog Image
get personal information of workers

1/ go to this endpoint https://company.com/search?p_p_lifecycle=0&saveLastPath=true&q=cv&type=com.liferay.document.libra...

Read More →
Blog Image
Extract all users emails end with( @company.com ) with names in DB of Company users

i found a method to get all emails with @company.com in company admin db the method is in 2 steps after login as admin 1...

Read More →