FirstBlood-#588: Important files leaking on firstblood
This issue was discovered on FirstBlood v2

On 2021-10-26, newrouge Level 3 reported:

Hey, I found that there are many important files leaking from the server which should generally be 403 forbidden for normal users. It's a server misconfiguration.


  1. Composer files are leaking from server.
    "require": {
        "monolog/monolog": "2.1.1"

These files should not be exposed to everyone.

Thank you


P2 High

Endpoint: N/A

Parameter: N/A

Payload: N/A

FirstBlood ID: 36
Vulnerability Type: Information leak/disclosure

It is possible to use the composer.json to aid with another vulnerability and to gain information/knowledge on the versions used.
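
A defender-side check for this class of finding, as an added example that is not part of the original report or the FirstBlood code: it asks whether Composer's manifest and lock file are served to an anonymous client and lists the package versions they would disclose. The `fetch` callable, the function names and the sample responses are assumptions made for illustration; the sample body is constructed, modelled on the excerpt in the report.

```python
import json

# Composer's standard manifest and lock file names, relative to the web root.
SENSITIVE_PATHS = ["/composer.json", "/composer.lock"]
COMPOSER_KEYS = ("require", "require-dev", "packages", "packages-dev")

def disclosed_versions(body):
    """Return {package: version} if body is a Composer file, else None."""
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return None  # not JSON, e.g. an HTML error page served with status 200
    if not isinstance(doc, dict) or not any(k in doc for k in COMPOSER_KEYS):
        return None  # JSON, but not a Composer manifest or lock file
    found = {}
    # composer.json: "require"/"require-dev" map package name -> constraint
    for key in ("require", "require-dev"):
        section = doc.get(key)
        if isinstance(section, dict):
            found.update({name: str(ver) for name, ver in section.items()})
    # composer.lock: "packages"/"packages-dev" list {"name": ..., "version": ...}
    for key in ("packages", "packages-dev"):
        pkgs = doc.get(key)
        if isinstance(pkgs, list):
            for pkg in pkgs:
                if isinstance(pkg, dict) and "name" in pkg:
                    found[pkg["name"]] = str(pkg.get("version", "?"))
    return found

def audit(fetch, paths=SENSITIVE_PATHS):
    """fetch(path) -> (status, body), issued without credentials."""
    findings = []
    for path in paths:
        status, body = fetch(path)
        if status != 200:
            continue  # 403/404: the file is not served
        versions = disclosed_versions(body)
        if versions is not None:
            findings.append({"path": path, "versions": versions})
    return findings

# Constructed sample responses standing in for a real HTTP client.
SAMPLE = {
    "/composer.json": (200, '{"require": {"monolog/monolog": "2.1.1"}}'),
    "/composer.lock": (403, "Forbidden"),
}

def sample_fetch(path):
    return SAMPLE.get(path, (404, ""))

if __name__ == "__main__":
    for finding in audit(sample_fetch):
        print(finding["path"], finding["versions"])
```

In a real deployment check, `fetch` would wrap an unauthenticated HTTP GET against your own host; an empty result means neither file is readable by normal users.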