FirstBlood-#743 — [COLLAB] Exposed api allows viewing of all vaccination proof leaking user emails
This issue was discovered on FirstBlood v2
On 2021-10-27, amec0e Level 3 reported:
Hey again mate,
From my previous RCE report here, getting the directory listings, we can see that there is an endpoint api.php located in the directory /vaccination-manager/. This brings us to a Swagger UI in which we can see a new endpoint called vax-proof-list.php. Upon viewing this we can see all the user emails of those who have uploaded vaccination proofs.
PII Leak of user emails and IP addresses
Steps to Reproduce:
- Visit the endpoint
You can see the new endpoint leaked on the page; visiting this, we get a leak of users' emails, including their IP address.
In Collaboration with thebinarybot
FirstBlood ID: 31
Vulnerability Type: Information leak/disclosure
The endpoint api.php can be found under the vaccination manage portal directory, which allows for user interaction and results in a PII leak on vax-proof-list.php.