04-07-2022, 09:45 AM
Hi Alexandre,
Update on the first issue about showing app path etc. My mistake. This information is only visible when testing from localhost.
I see the check on Host = <localhost> in TIWExceptionLogWorker.GetExceptionDetail().
Be notified that this 'Host' header field can be changed by an attacker. This way the information can still be visible outside 'localhost'...
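
Added example, not part of the original post and not IntraWeb code: a Python sketch comparing a locality check based on the client-supplied `Host` header with one based on the TCP peer address of the accepted connection. All function names, the `behind_proxy` flag and the sample requests are hypothetical and constructed for illustration.

```python
import ipaddress

def host_header_says_local(host_header: str) -> bool:
    """Weak check: the Host header is request data chosen by the client."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:8080
        host = host[1:host.find("]")]
    elif host.count(":") == 1:               # name or IPv4 with a port
        host = host.rsplit(":", 1)[0]
    return host in ("localhost", "127.0.0.1", "::1")

def peer_is_loopback(peer_ip: str) -> bool:
    """Stronger check: address of the socket peer, which the client cannot set via headers."""
    try:
        addr = ipaddress.ip_address(peer_ip.strip())
    except ValueError:
        return False                         # not an IP literal: fail closed
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:                   # ::ffff:127.0.0.1 on dual-stack listeners
        addr = mapped
    return addr.is_loopback                  # 127.0.0.0/8 or ::1

def show_exception_detail(peer_ip: str, host_header: str, behind_proxy: bool = False) -> bool:
    """Decide whether to include app path and similar detail in an error page."""
    # Behind a same-machine reverse proxy every request arrives from loopback,
    # so the peer address proves nothing; fail closed (assumed deployment flag).
    if behind_proxy:
        return False
    return peer_is_loopback(peer_ip)         # host_header is deliberately ignored

# Constructed sample requests: (peer address, Host header)
SAMPLES = [
    ("127.0.0.1", "localhost:8080"),         # genuine local test
    ("203.0.113.7", "localhost"),            # remote client, Host set to localhost
    ("::ffff:127.0.0.1", "example.test"),    # local client on a dual-stack socket
]

def compare(samples=SAMPLES):
    """Return (peer, host, weak_result, strong_result) for each sample."""
    return [(p, h, host_header_says_local(h), show_exception_detail(p, h))
            for p, h in samples]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second sample is the case raised in the post: the header-based check reports "local" for a remote peer, while the peer-address check does not.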