Visual & Practical Breakdown of One of the Highest-Paid Arbitrary File Read Vulnerability POCs
Hi geeks, it4chis3c (Twitter) came up with another bounty-earning write-up in the Bug Bounty Hunting Series:
Here’s a breakdown write-up of another highly paid bounty for a simple bug: File Read via bulk imports UploadsPipeline (reported by William Bowling, aka vakzz).
On observation, I found that this bug follows the workflow shown in the chart diagram below:
To understand this bug, you have to know what a symlink actually is.
“A Symlink, also referred to as a Symbolic Link or Soft Link, is a file that acts as a shortcut or pointer to another file or directory in a file system.”
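To make the definition concrete, here is a small added example (my own illustration, not vakzz’s PoC and not GitLab code). It builds a throwaway `uploads` directory containing one regular file and one symlink whose target lies outside that directory, shows that reading the symlinked name returns the outside file’s contents, and includes a `contained?` check of the kind an import pipeline should run: resolve the path with `File.realpath` and reject anything that does not stay under the base directory. All file names and contents are constructed for the demo.

```ruby
require 'tmpdir'
require 'fileutils'

# Return true only if +path+ (expected to live inside +base+) still resolves
# to a location under +base+ after every symlink has been followed.
# A missing file counts as "not contained" rather than raising.
def contained?(base, path)
  real_base = File.realpath(base)
  real_path = File.realpath(path)
  real_path == real_base || real_path.start_with?(real_base + File::SEPARATOR)
rescue Errno::ENOENT
  false
end

# Build a constructed uploads directory with a regular file and a symlink
# pointing outside it, then report what a naive reader and the check each see.
def demo
  Dir.mktmpdir do |root|
    uploads = File.join(root, 'uploads')
    outside = File.join(root, 'outside.txt') # constructed file outside the uploads dir
    FileUtils.mkdir_p(uploads)
    File.write(outside, 'outside-data')
    File.write(File.join(uploads, 'avatar.png'), 'png-bytes')
    File.symlink(outside, File.join(uploads, 'avatar2.png'))

    link = File.join(uploads, 'avatar2.png')
    {
      regular_ok:    contained?(uploads, File.join(uploads, 'avatar.png')),
      symlink_ok:    contained?(uploads, link),   # false: resolves outside
      symlink_reads: File.read(link),             # the outside file's bytes
      is_symlink:    File.symlink?(link)          # File.lstat-based check
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

The `File.read` line is the whole bug in miniature: nothing about the name `avatar2.png` reveals that it is a pointer elsewhere, so any code that trusts names extracted from a user-supplied archive will happily serve the target’s contents. `contained?` catches that; a stricter policy for import code is to refuse any entry for which `File.symlink?` is true before touching it at all.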
The Flaw: