Little Insight:
Well, this is my first Directory Traversal Vulnerability / Local File Inclusion Vulnerability,
which I spotted in http://conversations.nokia.com
Report Date : 5th March 2014
Reward For Directory Traversal Vulnerability : Nokia Lumia 925 Phone
How This Works
When I was testing, a URL was found on the subdomain,
with a POST request:
action=get_ajax_post_template&page=2&param=4614&postPerPage=12&template=
When I use any word, such as template=Jeet, it shows a 200 response with the result as 0.
The template parameter shows it accesses another URL from the site.
... now the work begins....
My Finding....
With the POST request:
action=get_ajax_post_template&page=2&param=4614&postPerPage=12&template=
The template parameter shows it accesses another URL. That gave me a hint that maybe there is an LFI.
Then I Googled for a cheat sheet for Directory Traversal.
In a few minutes I completed the task and found the traversal parameter....as
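
The post does not show the server code behind `template`, so the following is an added example (not from the original post and not Nokia's code) of how a handler can resolve that parameter safely: the value must be a bare name, and the canonical path must stay inside the template directory. The directory layout, the `.php` suffix, the naming rule and the function names are assumptions, and the request bodies are constructed.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import parse_qs

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed naming rule for templates


def resolve_template(base_dir, name):
    """Return the template file for `name` inside base_dir, or None if rejected."""
    # Accept bare names only: no separators, dots, NUL bytes or empty values.
    if not NAME_RE.fullmatch(name):
        return None
    base = Path(base_dir).resolve()
    candidate = (base / (name + ".php")).resolve()
    # Containment check after canonicalisation also catches symlinks pointing outside.
    if base not in candidate.parents:
        return None
    return candidate if candidate.is_file() else None


def handle_post(base_dir, body):
    """Parse a form-encoded body shaped like the one in the post and resolve its template."""
    fields = parse_qs(body, keep_blank_values=True)  # percent-decoding happens here
    values = fields.get("template", [])
    if len(values) != 1:  # missing or repeated parameter
        return None
    return resolve_template(base_dir, values[0])


def demo():
    """Run constructed requests against a throwaway template directory."""
    with tempfile.TemporaryDirectory() as root:
        tpl = Path(root) / "templates"
        tpl.mkdir()
        (tpl / "post-list.php").write_text("<!-- list -->")
        (Path(root) / "secret.txt").write_text("outside")
        prefix = "action=get_ajax_post_template&page=2&param=4614&postPerPage=12&template="
        samples = ["post-list", "Jeet", "../secret.txt", "..%2Fsecret.txt", "/etc/hostname", ""]
        return {s: handle_post(tpl, prefix + s) is not None for s in samples}


if __name__ == "__main__":
    for value, accepted in demo().items():
        print(f"{value!r:22} accepted={accepted}")
```

Validation runs on the decoded value, so an encoded separator is rejected the same way as a literal one.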