Monday, 25 August 2014

Flowdock Web Security Bug Bounty: Directory Traversal / Local File Inclusion In



Little insight on LFI was vulnerable to a directory traversal / local file inclusion vulnerability. As a result, it was possible for an attacker to load webserver-readable files from the local filesystem.


How does this work?


The Flowdock API documentation source files are in a separate, public GitHub repository. This allows anyone to contribute and report issues, or ask questions in public. They serve the documentation in Rails by rendering markdown as HTML and injecting the generated HTML files as views.

To avoid adding a new route every time a new page is added, their route file had the following rule:

    get '/api/*action', controller: 'docs'

In this setup the controller is only responsible for setting up the layout.

A request such as 



exposed files outside of Rails’ view paths. '%5C' turns into '\' after decoding. Using Rack::Protection didn’t help as it only rejects '/../' segments in the request path.

My Finding


As the summary above says, only '/../' segments in the request path are rejected, and the path is not sanitized to filter out malicious characters like "..%5c". It was therefore easily possible to access any file stored locally on the system outside the root directory.
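The gap described above, and a stricter way to resolve the `*action` glob, as an added example that is not from the original post or from Flowdock's code. The docs root path, the function names and the sample requests are assumptions made for illustration, and the first function models the filter only as the post describes it.

```ruby
require 'uri'
require 'pathname'

# Hypothetical directory holding the generated documentation views.
DOCS_ROOT = Pathname.new('/srv/app/views/docs')

# Model of the filter as the post describes it (not Rack::Protection's code):
# only literal '/../' segments in the request path are rejected.
def slash_only_filter_rejects?(request_path)
  request_path.include?('/../')
end

# Stricter resolution of the '*action' glob to a view file.
# Returns a Pathname inside DOCS_ROOT, or nil when the request is refused.
def resolve_doc(raw_action, root = DOCS_ROOT)
  decoded = URI.decode_www_form_component(raw_action)
  # Leftover '%' means double encoding; NUL bytes never belong in a page name.
  return nil if decoded.include?('%') || decoded.include?("\0")

  # Treat '\' as a separator as well, so '..\' and '../' look the same.
  normalized = decoded.gsub('\\', '/')
  # Allowlist: page names are word characters and dashes, joined by '/'.
  # '.' is not allowed, which rules out '..' segments outright.
  return nil unless normalized.match?(%r{\A[\w-]+(/[\w-]+)*\z})

  # Defence in depth: the cleaned path must still sit under the docs root.
  candidate = root.join(normalized).cleanpath
  candidate.to_s.start_with?("#{root}/") ? candidate : nil
rescue ArgumentError
  nil # malformed input such as bad percent-encoding
end

# Constructed sample requests (the '..%5c' form is the one the post names).
SAMPLES = ['rest/messages', '..%5c..%5csettings', '%2e%2e/settings', 'rest/%zz'].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |action|
    missed = !slash_only_filter_rejects?("/api/#{action}")
    puts format('%-22s slash-only filter passes: %-5s resolved: %s',
                action, missed, resolve_doc(action).inspect)
  end
end
```

Every sample passes the slash-only filter, but only `rest/messages` resolves to a path under the docs root.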

Now coming back to 

Here is the proof of concept that I included with the bug. It displayed the contents of the /etc/passwd file of the server.

The vulnerability was resolved now and more Info about Fix

More about

The vulnerability mentioned here has been confirmed fixed by the Flowdock team.

I’d like to thank Otto Hilska, Tuomas Silen and Ville Lautanal for handling this issue. The vulnerability was patched and the fix was deployed in production about two and a half after my initial report.

It's my first write-up for a PoC.

Blog writing style copied from Neal Poole's blog; thanks for writing such a great blog.


  1. great finding ... :) keep it up bro....
