Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

If the developer forgets to remove the built in controller welcome.php it helps the attacker to identify that the site is built with Codeigniter

High

C

CodeIgniter

Submitted None

Actions:

View on HackerOne

Reported by hackerneo

Vulnerability Details

Technical details and impact analysis

Information Exposure Through Directory Listing

The attacker can check the website's backend technology simply by typing site_name/index.php/welcome/index it will display the codeigniter welcome page if the developer dosen't removed the built in controller and view welcome.php and welcome_message.php i attaching a screenshot below as a proof of concept

Report Details

Additional information and metadata

State

Closed

Substate

Not-Applicable

Submitted

Weakness

Information Exposure Through Directory Listing