FirstBlood-#588: Important files leaking on firstblood
This issue was discovered on FirstBlood v2.0.0 (issues patched)



On 2021-10-26, newrouge Level 3 reported:

Hey, I found that there are many important files leaking from the server which should generally be 403 forbidden for normal users. It's a server misconfiguration.

Steps:

  1. Composer files are leaking from the server.

    {
        "require": {
            "monolog/monolog": "2.1.1"
        }
    }

These files should not be exposed to everyone.

Thank you

newrouge

P2 High

Endpoint: N/A

Parameter: N/A

Payload: N/A


FirstBlood ID: 36
Vulnerability Type: Information leak/disclosure

It is possible to use the composer.json to aid with another vulnerability and to gain information/knowledge on the versions used.
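
As an added example (not part of the original report or of FirstBlood's code), the following deploy-time check walks a web document root and flags Composer manifests that the server would hand out, together with the package versions each one discloses. The function names and the temporary docroot are hypothetical and constructed for illustration; the sample composer.json mirrors the one shown in the report.

```python
import json
import os
import tempfile

MANIFESTS = {"composer.json", "composer.lock"}  # Composer metadata files

def find_exposed_manifests(docroot):
    """Return [(relative_path, {package: version})] for Composer files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name in MANIFESTS:
                full = os.path.join(dirpath, name)
                findings.append((os.path.relpath(full, docroot), disclosed_versions(full)))
    return sorted(findings)

def disclosed_versions(path):
    """Extract the package/version pairs a reader of the file would learn."""
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return {}  # unreadable or malformed: still exposed, nothing parsed
    if not isinstance(data, dict):
        return {}
    versions = {}
    # composer.json: "require"/"require-dev" map package -> version constraint
    for key in ("require", "require-dev"):
        section = data.get(key)
        if isinstance(section, dict):
            versions.update({k: str(v) for k, v in section.items()})
    # composer.lock: "packages"/"packages-dev" list the exact installed versions
    for key in ("packages", "packages-dev"):
        for pkg in data.get(key) or []:
            if isinstance(pkg, dict) and "name" in pkg:
                versions[pkg["name"]] = str(pkg.get("version", "?"))
    return versions

def demo():
    """Build a constructed docroot holding the composer.json from the report."""
    with tempfile.TemporaryDirectory() as docroot:
        with open(os.path.join(docroot, "composer.json"), "w") as fh:
            json.dump({"require": {"monolog/monolog": "2.1.1"}}, fh)
        open(os.path.join(docroot, "index.php"), "w").close()  # ordinary page, not flagged
        return find_exposed_manifests(docroot)

if __name__ == "__main__":
    for rel, versions in demo():
        print(f"EXPOSED {rel}: {versions}")
```

Any finding means the manifest should be moved outside the document root or denied by the web server so that requests for it return 403.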