Insecure crossdomain.xml on https://vdc.mtnonline.com/
High
MTN Group
Reported by
xlife
Vulnerability Details
Technical details and impact analysis
Hi,
https://vdc.mtnonline.com/crossdomain.xml contains the following XML file:
```
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false" to-ports="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
```
## Impact
This makes anyone able to receive content from https://vdc.mtnonline.com/; an attacker can steal CSRF tokens and user PII.
More information about this issue is available here:
https://medium.com/@x41x41x41/exploiting-crossdomain-xml-missconfigurations-3c8d407d05a8
Best regards,
Vishu10x00 ❤️
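An added example, not part of the original report: a small auditor that flags the permissive directives in the policy quoted above and shows a restrictive policy passing the same checks. The rule names, the `HARDENED` policy and the `static.example.com` origin are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Policy as quoted in the report above.
REPORTED = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false" to-ports="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

# Constructed restrictive policy; static.example.com is a placeholder origin.
HARDENED = """<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="static.example.com" secure="true"/>
</cross-domain-policy>"""


def is_wildcard(domain):
    # "*" matches every origin; "*.com"-style values match a whole TLD.
    return domain == "*" or (domain.startswith("*.") and domain.count(".") == 1)


def audit_policy(xml_text):
    """Return a list of (rule_id, detail) findings for a crossdomain.xml body."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter("site-control"):
        if el.get("permitted-cross-domain-policies") == "all":
            findings.append(("meta-policy-all", "any policy file on the host is honoured"))
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        if is_wildcard(domain):
            findings.append(("read-any-origin", f"domain={domain!r}"))
        # secure defaults to true; false lets HTTP-served content read HTTPS data
        if el.get("secure", "true").lower() == "false":
            findings.append(("insecure-downgrade", f"domain={domain!r} secure=false"))
    for el in root.iter("allow-http-request-headers-from"):
        if is_wildcard(el.get("domain", "")) and el.get("headers") == "*":
            findings.append(("headers-any-origin", "any origin may send any header"))
    return findings


if __name__ == "__main__":
    for name, body in (("reported", REPORTED), ("hardened", HARDENED)):
        print(name, audit_policy(body))
```

The same function can be pointed at a saved copy of any host's `crossdomain.xml` during a configuration review; an empty list means none of these four rules matched.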
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure