$7500 Unauthenticated Local File Inclusion Exploit | Database Disclosure

$7500 Unauthenticated Local File Inclusion Exploit | Database Disclosure | Bug Bounty PoC 2023

Рет қаралды 8,641

9 ай бұрын

-----------------------------------------------------------------------
Twitter: / abhishekmorla
Website: abhishekmorla.netlify.app/
Linkedin: / abhishekmorla
------------------------------------------------------------------------
Embark on an exhilarating journey into the world of cybersecurity and ethical hacking as we explore a real-world Unauthenticated Local File Inclusion Exploit that led to a $7500 bug bounty reward. This Proof of Concept (PoC) demonstration unveils the steps behind this successful hack, showcasing how vulnerabilities can result in database disclosure. Stay tuned for an insightful exploration of cybersecurity and ethical hacking in 2023!
------------------------------------------------------------------------

Пікірлер: 46

@trustedsecurity6039 8 ай бұрын

Nice finding!!

@piojo003 8 ай бұрын

Thanks

@lokeshbhade6807 8 ай бұрын

Good catch 🪝

@whodaFru4551 7 ай бұрын

It would be interesting to see how you found the vulnerability.

@abhishekmorla1 5 ай бұрын

@Rocks_roxks9 8 ай бұрын

great finding brother

@waterlord6969 8 ай бұрын

This isn't his finding

@ederferreira3764 4 ай бұрын

How did you find out that the LFI is in alertlist instead of some parameter?

@abhishekmorla1 4 ай бұрын

You should check each potential vulnerable parameter

@normalitee0os 8 ай бұрын

Can you point out the pattern that made you look for LFI in first place? Like what peculiar thing made u look for it

@abhishekmorla1 8 ай бұрын

Analyze burp history

@chtayab7891 8 ай бұрын

Nice find brother. btw which bug bounty program is this?

@abhishekmorla1 8 ай бұрын

private

@darkmix4192 Ай бұрын

@@abhishekmorla1brother how search private side domain, please suggest me

@abhishekmorla1 Ай бұрын

@@darkmix4192 join kzfaq.info/love/9IAh1JN4lhSVz193GvZVZgjoin

@servantofgod3058 8 ай бұрын

nice finding bro but isn't it against program rules to share full poc? since it reveals many sensitive information

@abhishekmorla1 8 ай бұрын

Can you find the program?

@servantofgod3058 8 ай бұрын

@@abhishekmorla1 ZTE bug bounty program?

@abhishekmorla1 8 ай бұрын

@@servantofgod3058 nope :)

@SumanRoy.official 8 ай бұрын

How did you get to the point where you knew it was using grafana db

@abhishekmorla1 2 ай бұрын

Will explain in community membership , so join the channel

@waterlord6969 8 ай бұрын

Wait, this isn't your finding. It was an LFI in a major data-analysis software a year back.

@abhishekmorla1 8 ай бұрын

okay lfi is not discovered by you , so don't report 🙄

@waterlord6969 8 ай бұрын

@@abhishekmorla1 Ohhh! Sorry, I thought that you were showcasing the vulnerability, but you found it in wild 👍

@abhishekmorla1 8 ай бұрын

Yeah bro keep hunting 🎉

@waterlord6969 8 ай бұрын

@@abhishekmorla1 Thx! You too 🔥

@radchad4414 7 ай бұрын

noob question. are there any dependencies here? is there a certain frameworks that this PoC does not work?

@abhishekmorla1 5 ай бұрын

yes

@YettouYettou-uj9du 5 ай бұрын

The real question here ! How did u find original ip of the site ?

@abhishekmorla1 4 ай бұрын

shodan

@YettouYettou-uj9du 4 ай бұрын

@@abhishekmorla1 what do you do if u can't find origin ip of website !!? That,s mean cdn block every single payloads

@sakshamsharma9763 8 ай бұрын

how did you learned using burp i want a road map to learn bug bounty please tell me the course name...?

@abhishekmorla1 8 ай бұрын

search on udemy

@sakshamsharma9763 8 ай бұрын

@@abhishekmorla1 name of the course you have done ?

@abhishekmorla1 8 ай бұрын

practical ethical hacking tcm

@sakshamsharma9763 8 ай бұрын

@@abhishekmorla1 thanks for the help!

@sushmithas504 8 ай бұрын

As I am a beginner in bug bounty hunting can u give me suggestions like where to learn ,how to learn

@abhishekmorla1 8 ай бұрын

by solving portswigger labs

@sushmithas504 8 ай бұрын

@@abhishekmorla1 any more courses , programming languages to follow up

@sushmithas504 8 ай бұрын

@@abhishekmorla1 I am just overwhelmed by many PPL saying to learn more programming languages....

@abhishekmorla1 8 ай бұрын

@@sushmithas504 you can start with python

@sanjaycse9608 8 ай бұрын

Local file disclosure?

@abhishekmorla1 8 ай бұрын

Yes

@Raymond-0x0 6 ай бұрын

Bounty ?

@abhishekmorla1 4 ай бұрын

yes

@thomashodge361 8 ай бұрын

'Promo sm'