The document discusses several security vulnerabilities found in a modern web application including: access control flaws, cross-site scripting via user-controllable elements, plain text credential transmission allowing session hijacking, information disclosure via server version leaks and application errors, lack of anti-CSRF tokens and HTTP-only cookies, and improper input validation. Private IP addresses and email addresses were also disclosed.
Finding tags: script-alert XSS payload; credentials sent in plain text; session hijacking; server leaks version information; user-agent fuzzer; login page; user-controllable HTML element attribute; X-Content-Type-Options header missing; absence of anti-CSRF token; application error disclosure; concurrent login; Content-Security-Policy header; cookie without HttpOnly flag; improper validation; information disclosure (suspicious comment); modern web application; private IP disclosure; cleartext submission of password; password field with autocomplete enabled; email addresses disclosed.