Submit #333519: EnvaySoft FleetCart 4.1.1 Information Disclosure

Title: EnvaySoft FleetCart 4.1.1 Information Disclosure
Description:

# Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure
# Exploit Author: skalvin
# Date: 13/05/2024
# Vendor: EnvaySoft
# Vendor Homepage:
# Software Demo Link:
# Tested on: Windows 11 Pro 22H2
# Impact: Sensitive Information Leakage
# CWE: CWE-200 - CWE-284 - CWE-266

## Description
Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay" "razorpayKeyId".

## Steps to Reproduce:
When you view the majority of the pages on the website, such as
There is information leaking in the body page response.

+---------------------+
razorpayKeyId: 'rzp_test_oACp03vDsqdixc',
+---------------------+

Note: the same leaked "razorpayKeyId" is added to "Razorpay" in the Administration Panel.
on this Path: (Login as Administrator)

[-] Done
User: skalvin (ID 49463)
Submission: 05/13/2024 08:42 PM (2 months ago)
Moderation: 05/22/2024 10:26 PM (9 days later)
VulDB Entry: 265981

