Path Traversal in yogeshojha/rengine
Aug 31st 2021
Local File Inclusion through Path Traversal
🕵️♂️ Proof of Concept
While logged in into a Rengine instance, go to
/api/getFileContents/?nuclei_template&name=../../../../../../../../etc/passwd. The contents of
/etc/passwd are included into the response.
This vulnerability is capable of reading
/proc/self/environ, exposing environment variables, including the Postgres password.