Path Traversal in yogeshojha/rengine
Valid
Reported on Aug 31st 2021
✍️ Description
Local File Inclusion through Path Traversal
🕵️‍♂️ Proof of Concept
While logged in to a reNgine instance, go to /api/getFileContents/?nuclei_template&name=../../../../../../../../etc/passwd. The contents of /etc/passwd are included in the response.
💥 Impact
This vulnerability can be used to read /proc/self/environ, exposing environment variables, including the Postgres password.
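One way to confine a file-read endpoint's `name` parameter to its template directory, shown beside the unchecked join that allows the traversal. This is an added example, not reNgine's code or its actual fix; the function names, directory layout and sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


class UnsafePath(Exception):
    """Raised when a requested name does not resolve to a file inside the base."""


def read_naive(base_dir, name):
    # Vulnerable pattern: the user-supplied name is joined to the base
    # directory unchecked, so "../" segments walk out of it.
    with open(os.path.join(base_dir, name)) as fh:
        return fh.read()


def resolve_inside(base_dir, name):
    # Resolve ".." and symlinks first, then require the result to stay under base.
    base = Path(base_dir).resolve()
    candidate = (base / name).resolve()
    if candidate != base and base not in candidate.parents:
        raise UnsafePath(name)
    return candidate


def read_confined(base_dir, name):
    path = resolve_inside(base_dir, name)
    if not path.is_file():
        raise UnsafePath(name)
    return path.read_text()


def demo():
    # Constructed layout: root/templates/ is the allowed directory and
    # root/secret.env stands in for a sensitive file outside it.
    with tempfile.TemporaryDirectory() as root:
        templates = Path(root, "templates")
        templates.mkdir()
        (templates / "sample.yaml").write_text("id: sample\n")
        Path(root, "secret.env").write_text("POSTGRES_PASSWORD=constructed\n")
        results = {"naive": read_naive(templates, "../secret.env"),
                   "ok": read_confined(templates, "sample.yaml")}
        for bad in ("../secret.env", "/etc/passwd", "sub/../../secret.env"):
            try:
                read_confined(templates, bad)
                results[bad] = "read"
            except UnsafePath:
                results[bad] = "blocked"
        return results
```

The check runs on the resolved path rather than on the raw string, so absolute names and nested `..` segments are rejected by the same comparison.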
Occurrences
We have contacted a member of the yogeshojha/rengine team and are waiting to hear back
10 months ago
Yogesh Ojha has been awarded the fix bounty
Good Job on finding this. Congratulations on your bounty!