Description
Dear Team,
I am Asim, a security researcher, and I have found the SQL file on your website where sensitive information is going to be exposed.
IMPACT
Disclosure of confidential, sensitive or embarrassing information can result in loss of credibility, reputation, market share, and competitive edge. The most common threat in a networked system is unauthorized access to information and computer resources. This may cause the loss of confidentiality, integrity, and availability of the information technology assets. To ensure business continuity and minimize potential damage, companies need to establish a computer-based access control to protect their proprietary information from intentional or accidental disclosure, modification, erasure, or copying, as well as their IT resources from misuse. This control provides an organization with the ability to restrict, monitor, and protect the confidentiality and integrity.
STEPS TO REPRODUCE
When you open the link below, you will get a 404 Not Found. The page is restricted.
https://floobits.com/redbaty/Burnit/raw/burnit
EXPLOIT
To exploit the file, just add .sql and the file will be exploited, as you see in the screenshot.
https://floobits.com/redbaty/Burnit/raw/burnit.sql
You will see in the file that many email addresses are found, and sensitive user keys, including server information.