Critical LFI Vulnerability Reported in Hashnode Blogging Platform

on
The Hacker News
Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability to download

More From Author

Finding Attack Paths in Cloud Environments

RaidForums Gets Raided, Alleged Admin Arrested