local-file-inclusion

3 articles
Sort: New Top Best
clear filter
bug-bounty622 facebook479 xss316 google174 microsoft120 rce102 apple72 csrf60 web355 account-takeover53 writeup51 exploit43 sqli41 dos36 ssrf34 cve33 cloudflare32 privilege-escalation29 defi28 malware27 node26 smart-contract-vulnerability25 idor25 subdomain-takeover24 clickjacking23 smart-contract23 ethereum23 access-control21 react21 vulnerability-disclosure21 reverse-engineering20 auth-bypass19 aws19 remote-code-execution18 lfi18 cloud17 docker17 cors17 oauth17 supply-chain17 race-condition17 info-disclosure16 browser14 authentication-bypass14 solidity14 phishing14 denial-of-service11 sql-injection11 delegatecall11 wordpress10
0
Abusing MYSQL CLients
vulnerability

MySQL clients can be abused via the LOAD DATA LOCAL INFILE feature to exfiltrate arbitrary files from the client machine by setting up a fake MySQL server that bypasses authentication and sends malicious payloads. This exploitation technique works because MySQL clients trust server-sent commands after authentication, allowing attackers to read sensitive files like /etc/hosts from compromised systems.

local-file-inclusion lfi mysql mysql-client load-data-infile fake-server authentication-bypass file-disclosure protocol-exploitation proof-of-concept bug-bounty security-research
MySQL PHP 7.0.32 MySQL 8.0.13 MySQL 5.7.24
vesiluoma.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
LFI in nokia maps
vulnerability

A Local File Inclusion (LFI) vulnerability was discovered in Nokia Maps that allowed reading arbitrary files from the server (e.g., /etc/passwd). The vulnerability was reported on January 2, 2013, and patched by Nokia on January 20, 2013.

local-file-inclusion lfi web-vulnerability file-disclosure bug-bounty maps-service
Nokia Maps Nokia Lumia 920 Shashank
blog.shashank.co · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
Google LFI on production servers in redacted.google.com
bug-bounty

A researcher discovered a local file inclusion (LFI) vulnerability on Google's production servers at springboard.google.com through directory enumeration and authorization bypass, escalating from an initial auth bypass to full LFI with admin privileges, ultimately earning a $13,337 bounty from Google's Vulnerability Reward Program.

local-file-inclusion lfi authorization-bypass authentication-bypass directory-enumeration bug-bounty google-vrp subdomain-enumeration fuzzing production-servers google springboard privilege-escalation web-security vulnerability-disclosure
Omar Espino omespino Google springboard.google.com cloudsearch.google.com Google VRP wfuzz domained masscan SecLists ESCAL8 Intigriti HackerOne CVE-2024-1234
omespino.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details