Vulnerability description for reporting available in VulnDB (GitHub)
Non-production environment exposed on the internet
Use tool sublist3r to list subdomains and try to access these environments.
Segmentation between environments
Use Burp Suite and navigate in the application. Check:
- If some APIs from production are called from non-production
- If there are links (URL) in non-production that are from production
Production data in non-production environments
Check if production data is in non-production without data masking or anonymization. Non-production environments are often less secured, have less audit logs and other security controls. They also often have new code that can contain new vulnerabilities.