LFI Vulnerability Exploited in Edge Network — A Quick Discovery
By Professor the Hunter
Who Am I?
I’m a Security Researcher and active participant in bug bounty programs on platforms like HackerOne Inc. For more bug bounty tips and updates, feel free to follow me on Twitter: @bughuntar.
Summary:
Today, I came across a Local File Inclusion (LFI) vulnerability in Redacted’s Edge Network. As many of you know, the consequences of an LFI vulnerability can range from information disclosure to a complete system compromise. Even if the file inclusion doesn’t immediately execute malicious code, attackers can still extract valuable information, potentially giving them the means to escalate their attack.
In this case, the LFI vulnerability provided critical information that could lead to full system compromise if exploited further.
How I Discovered the LFI Vulnerability:
While performing a routine security test on https://erecruitment.redacted.com, I stumbled upon a PDF link that looked like a potential candidate for further exploration. The URL was:
https://erecruitment.redacted.com/onlineapp/rocketpreepay.pdf
At first, I tried injecting different paths into the URL to test for an LFI vulnerability, but I kept getting redirected. After several attempts, I assumed there was no LFI issue with the link. However, after carefully testing a specific payload, I was surprised to find that it worked and allowed me to access sensitive files on the server.
LFI Exploit:
Here’s the proof of concept (PoC) demonstrating the LFI vulnerability:
Exploit URL:
https://erecruitment.redacted.com/onlineapp/rocketpreepay.pdf../../../../../../../etc/passwd
When I appended the path traversal sequence (../../../../../../../etc/passwd
), I was able to access the passwd file located on the server, which is a crucial system file containing user account information. This is a clear indication of an LFI vulnerability that could lead to further exploitation.
Conclusion:
While I’m unsure of the exact bounty I’ll receive if this vulnerability is accepted, I’m grateful to have discovered it. It’s always exciting when you find an issue that has the potential to affect the security of a system. Alhamdulillah — I’m thankful for the opportunity to contribute to the security community.
Follow Me
You can stay connected with me across the following platforms:
- Website: https://bughuntar.com
- Facebook: https://facebook.com/bughuntar
- Twitter: https://twitter.com/bughuntar
- Telegram: https://t.me/bughuntar
- YouTube: https://youtube.com/bughuntar
- Medium: https://bughuntar.medium.com
- LinkedIn: https://www.linkedin.com/in/SoftwareDeveloperSagor
Feel free to reach out for tips, discussions, or collaborations. I’m always open to connecting with fellow security enthusiasts and bug hunters!