Confidential Document Exposure

Sensitive documents intended for internal use are accessible via predictable URLs. Without proper authorisation checks, an attacker can directly retrieve files such as legal agreements or backups by navigating to hidden directories or guessing filenames.

• Identify the base path where documents are stored (e.g., /assets/pdfs/).
• Change the URL to point directly to a confidential file, such as /assets/pdfs/Legal_Doc.pdf.
• The PDF opens in the browser without requiring authentication.

• Disclosure of proprietary or personal information contained within the documents.
• Legal repercussions for violating data protection laws.
• Damage to reputation and loss of customer trust.

• Store confidential files outside of the web root and serve them through authorised routes only.
• Implement access controls and authentication checks for file downloads.
• Use randomised filenames or tokens to make URL guessing difficult.