Easy Bug | PHP info page disclosure
May 24, 2024
Overview of the Vulnerability:
Disclosure of secrets occurs when sensitive data is not behind an authorization barrier. When this information is exposed it can place sensitive data, such as secrets, at risk.
I found detailed information on both the system and the PHP configuration.
Steps:
1. Fuzzing in many ways, e.g. Google dorks:
site:*.Redacted.com intitle:"phpinfo()" | intext:"(php.ini)"
Or use directory fuzzing tools, e.g. “gobuster, dirsearch, ffuf”:
2. I used “dirsearch”:
dirsearch -u https://[*].[Redacted].com/ --max-rate=10
3. I found a very interesting result: https://[*].[Redacted].gov/upload/test.php
Final Step: just report it :)
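On the defender's side, a leftover file like this can be caught before it is ever served. The following is an added example, not part of the original post: it walks a document root and flags PHP files containing a live phpinfo() call. The suffix list, the demo() helper and the sample file names and contents are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# PHP function names are case-insensitive; the lookbehind skips variables,
# method calls and longer identifiers such as my_phpinfo( or $obj->phpinfo(.
PHPINFO_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")  # assumed set of executable suffixes


def find_phpinfo_calls(web_root):
    """Return sorted (relative_path, line_number) pairs for live phpinfo() calls."""
    findings = []
    for directory, _subdirs, files in os.walk(web_root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(directory, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                for number, line in enumerate(handle, start=1):
                    code = line.strip()
                    if code.startswith(("//", "#", "/*", "*")):
                        continue  # whole-line comment, never executed
                    if PHPINFO_CALL.search(code):
                        rel = os.path.relpath(path, web_root).replace(os.sep, "/")
                        findings.append((rel, number))
    return sorted(findings)


def demo():
    """Audit a constructed document root; file names and contents are made up."""
    samples = {
        "index.php": "<?php echo 'home'; ?>\n",
        "upload/test.php": "<?php\nPhpInfo();\n",
        "admin/debug.php": "<?php\n// phpinfo();\n$u = 'http://x'; phpinfo(INFO_GENERAL);\n",
        "lib/util.php": "<?php\nfunction my_phpinfo() {}\nmy_phpinfo();\n",
        "notes.txt": "phpinfo() was here\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as handle:
                handle.write(body)
        return find_phpinfo_calls(root)


if __name__ == "__main__":
    for rel, number in demo():
        print(f"{rel}:{number}: phpinfo() call in web-served file")
```

Run as a pre-deploy or CI check against the directory the web server actually serves; lines inside a multi-line block comment may still be flagged and need a manual look.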