Sunday, 21 September 2014

Nokia Web Security Bug Reward: Directory Traversal / Local File inclusion Vulnerability

Little Insight: 


Well this is my first Directory Traversal Vulnerability / Local File inclusion Vulnerability


which I spotted in  


Report Date :  5th march 2014 


Reward For  Directory Traversal Vulnerability  : Nokia  Lumia 925 Phone


How This Work

when i was testing it was found url a link on  subdomain 

with post request 


when i am use any word template=Jeet thats show 200  responce with result as 0

Template parameter show its access another url form site

 ... now work begin....

My Finding....

with post request 


Template parameter show its access another url That's gave me a hint may be there is an LFI

Then i am  Googled for a cheat sheet For Directory Traversal

In a few minutes complete Task and found Traversal




 Normal Request..






 After Payload...





More Information


The vulnerability mentioned here has been confirmed patched by the Nokia Security Team.




  1. Great Article
    Cyber Security Projects

    projects for cse

    Networking Projects

    JavaScript Training in Chennai

    JavaScript Training in Chennai

    The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

  2. Your post is helping me a lot. Its really nice and epic. Thanks a lot for the useful info on this topic. You did it so much well. I love to see more about GB WhatsApp. Keep sharing and updating. Also share more posts with us. Thank you.