query-exploitation

1 article

sort: new top best

bug-bounty488 xss283 google177 microsoft153 rce143 facebook139 bragging-post117 account-takeover102 exploit101 apple94 csrf85 authentication-bypass77 stored-xss75 privilege-escalation69 open-source66 reflected-xss63 cve61 web-security60 writeup60 access-control59 malware59 ai-agents53 ssrf52 input-validation51 defi48 cross-site-scripting48 smart-contract47 ethereum44 sql-injection44 browser41 phishing40 api-security38 web-application38 information-disclosure38 oauth37 dos36 burp-suite36 aws35 lfi34 web334 smart-contract-vulnerability33 tool33 react33 docker33 html-injection32 responsible-disclosure31 vulnerability-disclosure31 waf-bypass31 idor30 supply-chain30

0 6/10

How we got LFI in apache drill recom like a boss

vulnerability

A researcher discovered a Local File Inclusion (LFI) vulnerability in Apache Drill by manipulating the dfs storage plugin configuration to read arbitrary files from the server, such as /etc/passwd, via crafted SQL queries.

lfi local-file-inclusion apache-drill directory-traversal information-disclosure recon storage-plugin query-exploitation bug-bounty

Apache Drill HackerOne Jobert Abma Gujjuboy10x00 Freedium

medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 9 hours ago · details