Hello team,
I am a bug bounty hunter. while searching for the endpoints in the https://irctc.com/ i found some endpoints names /assets/images/PDF in these endpoints i found some directories in which there were few pdf files in which one file named DepartmentChart(IRCTC-HRD).pdf contained the list of
HRD their email and their phone numbers of north zone, south zone, east zone, west zone and south central zone. This file can be accessed by anyone and can read the mobile number and email address of the HRD's . Please secure the endpoints as soon as possible because some other people may misuse the information provided in the endpoints and PDF's
Vulnerable address: https://www.irctc.com/assets/images/PDF/DepartmentChart(IRCTC-HRD).pdf
for further information you can contact me on glennmendonca.[protected]@gmail.com
thank you
regards,
Glenn Was this information helpful? |
Post your Comment