LFI Vulnerability Exploited in Edge Network — A Quick Discovery

Professor Software Solutions
2 min read · Mar 29, 2023


By Professor the Hunter

Who Am I?

I’m a Security Researcher and active participant in bug bounty programs on platforms like HackerOne Inc. For more bug bounty tips and updates, feel free to follow me on Twitter: @bughuntar.

Summary:

Today, I came across a Local File Inclusion (LFI) vulnerability in Redacted’s Edge Network. Strictly speaking, what is shown below is a path traversal that ends in an arbitrary file read: the server returns the requested file to the client rather than including it as code, which is what LFI means in the narrow sense. Bug bounty write-ups commonly file both under LFI, and the impact ladder is the same. At the low end it is information disclosure of any file the web server process can read; at the high end it is a foothold for complete system compromise, for example when the readable files contain database credentials, session secrets, private keys or application source. Even when the bug never executes attacker-controlled code, the information it leaks is often enough to escalate.

In this case, the traversal gave read access to files on the server. The file demonstrated below is /etc/passwd, which proves the traversal works; how far this could be pushed towards full compromise depends on which other files are readable with the same technique, and that is the direction in which the finding should be extended and reported.

How I Discovered the LFI Vulnerability:

While performing a routine security test on https://erecruitment.redacted.com, I stumbled upon a PDF link that looked like a potential candidate for further exploration. The URL was:

https://erecruitment.redacted.com/onlineapp/rocketpreepay.pdf

At first, I tried injecting different paths into the URL to test for an LFI vulnerability, but I kept getting redirected. After several attempts, I assumed there was no LFI issue with the link. However, after carefully testing a specific payload, I was surprised to find that it worked and allowed me to access sensitive files on the server.

LFI Exploit:

Here’s the proof of concept (PoC) demonstrating the LFI vulnerability:

Exploit URL:

https://erecruitment.redacted.com/onlineapp/rocketpreepay.pdf../../../../../../../etc/passwd

When I appended the path traversal sequence (../../../../../../../etc/passwd), I was able to read the passwd file on the server. Two things about this are worth spelling out. First, /etc/passwd lists local accounts, their UIDs, home directories and login shells; on any modern system it is world-readable and the password hashes live in /etc/shadow, so the file itself is not secret. It is the standard canary for a traversal precisely because it always exists and is always readable. The next step in testing is to try files that actually carry secrets, such as application configuration, .env files or source under the web root, and /etc/shadow in case the server process runs as root. Second, note the shape of the payload: the first .. is glued directly onto rocketpreepay.pdf with no separator, so a path normaliser sees a segment named rocketpreepay.pdf.. and the following .. segments climb out of it. A blocklist that only looks for ../ at the start of the requested name, or normalisation that happens on the client or edge but not at the origin, does not stop this form. Either way, this is a clear path traversal (arbitrary file read) and a solid base for further exploitation.
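To make the difference concrete, here is an added example (not code from the original post or from the affected site) in Python: a vulnerable download-path builder that relies on a prefix blocklist and string concatenation, next to a hardened one that canonicalises first and then checks containment, both run against the payload above. The document root /var/www/onlineapp, the use of posixpath for lexical normalisation (standing in for what an edge proxy or web framework does to a URL before the origin opens the file), and the extra payload variants are all assumptions constructed for this example.

```python
"""Added example (not from the original post): a vulnerable download-path
builder next to a hardened one, run against the write-up's payload.

Assumptions (constructed for the example): the document root BASE_DIR and a
file rocketpreepay.pdf directly under it. Paths are handled lexically with
posixpath, the way an edge proxy or framework normalises a URL before the
origin opens a file, so this runs offline on any operating system.
"""
import posixpath
from typing import Dict, Optional, Tuple
from urllib.parse import unquote

BASE_DIR = "/var/www/onlineapp"   # assumed document root behind /onlineapp/

# Requested names as they would arrive after the "/onlineapp/" prefix.
# The second entry is the payload from the write-up; the others are
# constructed variants a tester would try alongside it.
PAYLOADS = [
    "rocketpreepay.pdf",
    "rocketpreepay.pdf../../../../../../../etc/passwd",
    "../../../../../../../etc/passwd",
    "rocketpreepay.pdf/../../../../../../../etc/passwd",
    "rocketpreepay.pdf..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd",
]


def naive_download_path(requested: str) -> Optional[str]:
    """Vulnerable pattern: a prefix blocklist, then string concatenation.

    Rejecting only names that *start* with "../" or "/" misses a traversal
    glued onto a legitimate filename: "rocketpreepay.pdf.." is just another
    path segment, and the ".." segments after it climb out of the web root.
    Returns the path the server would open, or None if the request is refused.
    """
    decoded = unquote(requested)            # web servers decode once
    if decoded.startswith("../") or decoded.startswith("/"):
        return None
    # Concatenate and normalise, as a framework or proxy would before open().
    return posixpath.normpath(BASE_DIR + "/" + decoded)


def safe_download_path(requested: str) -> Optional[str]:
    """Hardened pattern: canonicalise first, then check containment.

    1. Decode twice, so double-encoded dots and slashes are seen.
    2. Refuse NUL bytes, which truncate C-level path strings.
    3. Join, normalise, and require the result to still sit under BASE_DIR.
    4. Allowlist the extension this endpoint is meant to serve.
    """
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        return None
    # posixpath.join discards BASE_DIR when `decoded` is absolute; the
    # containment check below catches that case as well.
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, decoded))
    # commonpath is the containment test; a bare startswith(BASE_DIR) would
    # wrongly accept a sibling directory such as /var/www/onlineapp-old.
    if posixpath.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        return None
    if not candidate.endswith(".pdf"):
        return None
    return candidate


def compare(payloads=PAYLOADS) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Map each payload to (naive result, hardened result)."""
    return {p: (naive_download_path(p), safe_download_path(p)) for p in payloads}


if __name__ == "__main__":
    for payload, (naive, safe) in compare().items():
        print(f"{payload}\n  naive -> {naive}\n  safe  -> {safe}")
```

Running it prints one line per payload: the naive builder resolves the glued payload, the slash-separated variant and the URL-encoded variant all to /etc/passwd while only refusing the bare ../ form, and the hardened builder refuses everything that leaves the document root and serves only the genuine PDF. The stronger fix in practice is to stop accepting a path from the client at all and serve downloads by an opaque identifier looked up server-side.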

Conclusion:

While I’m unsure of the exact bounty I’ll receive if this vulnerability is accepted, I’m grateful to have discovered it. It’s always exciting when you find an issue that has the potential to affect the security of a system. Alhamdulillah — I’m thankful for the opportunity to contribute to the security community.

Follow Me

You can stay connected with me across the following platforms:

Feel free to reach out for tips, discussions, or collaborations. I’m always open to connecting with fellow security enthusiasts and bug hunters!



Written by Professor Software Solutions

Bug Bounty Hunter at HackerOne Inc | Cybersecurity Enthusiast | Passionate About Finding Vulnerabilities and Enhancing Online Security | https://x.com/bughuntar
