Little Insight:
Well this is my first Directory Traversal Vulnerability / Local File inclusion Vulnerability
which I spotted in http://conversations.nokia.com
Report Date : 5th march 2014
Reward For Directory Traversal Vulnerability : Nokia Lumia 925 Phone
How This Work
when i was testing it was found url a link on subdomain
with post request
action=get_ajax_post_template&page=2¶m=4614&postPerPage=
when i am use any word template=Jeet thats show 200 responce with result as 0
Template parameter show its access another url form site
... now work begin....
My Finding....
with post request
action=get_ajax_post_template&page=2¶m=4614&postPerPage=
Template parameter show its access another url That's gave me a hint may be there is an LFI
Then i am Googled for a cheat sheet For Directory Traversal
In a few minutes complete Task and found Traversal parameter....as
../.../.././../.../.././../...
Normal Request..
After Payload...
Great Article
ReplyDeleteCyber Security Projects
projects for cse
Networking Projects
JavaScript Training in Chennai
JavaScript Training in Chennai
The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training
Your post is helping me a lot. Its really nice and epic. Thanks a lot for the useful info on this topic. You did it so much well. I love to see more about GB WhatsApp. Keep sharing and updating. Also share more posts with us. Thank you.
ReplyDelete