Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage


This is another story about a recent finding of mine: a sensitive information leak. The target is a large hotel and resort group that operates in over 10 countries around the world. As I am not allowed to disclose the details, I will use redacted.com as the target site, and all parameters and directories shown in the passage below are made up.