Information disclosure of Internal php files on [mackeeper.com/blog/api/send-event]
Low
C
Clario
Submitted None
Team Summary
Official summary from Clario
### Summary Vulnerable URL: https://mackeeper.com/blog/api/send-event contains service information ### Steps To Reproduce Step-1: Go to `https://mackeeper.com/blog/api/send-event` you will get `MethodNotAllowedHttpException` and different PHP files error info Step-2: After that, I have a change method to `POST` for parameter discovery and got two more exceptions which `TypeError` and `SuspiciousOperationException`
Actions:
Reported by
darkerhack
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Exposure Through an Error Message