writeups.xyz / LFI

Title Vulnerabilities Programs Authors
Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution )
How we got LFI in apache Drill (Recon like a boss)
#BugBounty — "Journey from LFI to RCE!!!"-How I was able to get the same in one of the India’s popular property buy/sell company.
No RCE? Then SSH to the box!
LFI to 10 servers pwn
LFI to Command Execution: Deutche Telekom Bug Bounty
Local File Read via XSS in Dynamically Generated PDF
Upgrade from LFI to RCE via PHP Sessions
Secure Your Jenkins Instance Or Hackers Will Force You To! (Snapchat’s $5,000 Vulnerability)
Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read
Hacking the NHS for Fun and No Profit
Hacking Magento eCommerce For Fun And 17.000 USD
Reading local files from Facebook's server (fixed)
Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)
Google Sites: A Tale of Five Vulnerabilities
LFI in Nokia maps