Greetings fellows
I have a doubt about a finding, because there is some tax numbers in the code . So that qualifies as a business leakage?. How much private is a tax number ?.
Also the thing that they did with these info is like mocks and migrations.
Does that qualify as private data ?
by the way thanks for your help
How do you know that those numbers are not test data?
1 Like
Is this a real tax number? or a fake tax number? If real then vuln, else not. Test dada should be fake, or with masking, etc.
sorry for be a nuisance. I know that that I must ask a question per thread. but this tax numbers are writed in the logs
the numbers are real because I have checked in a goverment system
I have checked the numbers againts SII. Chilean internal tax service, and those numbers appear with same name and info that are writed in the code
mmm, I suggest that report that as a vulnerability
1 Like
I agree, @elated-colden you should report it as a vulnerability.
1 Like