A researcher discovered an SSRF vulnerability leading to local file disclosure by bypassing URL validation filters. The application rejected file:/// payloads but accepted file:// with a single path component (file://s/etc/passwd), allowing arbitrary local file access through a simulated browser feature.
A Local File Inclusion (LFI) vulnerability was discovered in Nokia Maps that allowed reading arbitrary files via the file:// protocol (e.g., http://maps.nokia.com/services/file:///etc/passwd). The bug was reported in January 2013 and patched within 18 days.
An XSS vulnerability was found in a dynamically generated PDF endpoint: unsanitized user input (the utrnumber parameter) is rendered as HTML/JavaScript in the generated PDFs, allowing arbitrary JavaScript execution under the file:// origin and enabling local file reads (e.g., /etc/passwd) via XMLHttpRequest.
A researcher escalated XSS in a PhantomJS image rendering endpoint to arbitrary local file read by exploiting JavaScript execution in the file:// context, using document.write to force synchronization and XMLHttpRequest to exfiltrate files from the Lambda environment at /var/task/.