Back to directory

WRITEUP #849

Leaking File Contents with a Blind File Oracle in Flarum

AI / LLMPHP filter chainArbitrary file readLFISecurity code review

by@hash_kitten(Adam Kues)

Program

Flarum

Published

Aug 28, 2023

Added to HackDex

Sep 5, 2023

Read Full Writeuphttps://blog.assetnote.io/2023/08/28/leaking-file-contents-with-a-blind-file-oracle-in-flarum/

▸ RELATED WRITEUPS

IIS welcome page to source code review to LFI!

Studying 0days: How we hacked Anki, the world's most popular flashcard app

RCEComponents with known vulnerabilities

We hacked Anki - 0 day exploit from studying someone elses flashcards

RCEComponents with known vulnerabilities

CVE-2024-29511 – Abusing Ghostscript’s OCR device

OtherArbitrary file read

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

Built with ❤️ by Shubham Rawat