[⭐ ⭐ ⭐ ⭐ ⭐] Create a Challenge on HBS vulnerability.

⭐ Challenge idea

Description

Complete Blog post: https://blog.shoebpatel.com/2021/01/23/The-Secret-Parameter-LFR-and-Potential-RCE-in-NodeJS-Apps/

Underlying vulnerability/ies

Local File Read, Potential RCE

Expected difficulty

✔️ / ❌   Difficulty
❌        ⭐⭐
❌        ⭐⭐⭐
❌        ⭐⭐⭐⭐
✔️        ⭐⭐⭐⭐⭐
❌        ⭐⭐⭐⭐⭐⭐

Possible attack flow

  1. Add layout to your wordlist for parameter discovery/fuzzing of the GET query or POST body.
  2. If an arbitrary value for the layout parameter results in a 500 Internal Server Error with ENOENT: no such file or directory in the body, you have hit the LFR.
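As an added example (not code from the issue, the linked blog post or the Juice Shop project), the defender's side of the flow above: a hardened way to build render locals from request parameters so a reserved hbs option such as `layout` can never be set by the client, plus a check over constructed access-log lines for the 500-plus-layout symptom the flow describes. The Express/hbs forwarding pattern, the helper names and the log format are assumptions.

```javascript
// Added example, not code from the issue, the linked blog post or Juice Shop.
// Assumes the vulnerable pattern is an Express + hbs handler that forwards
// the whole request object to the view, e.g. res.render(view, req.query),
// so a client can set the hbs `layout` rendering option. Helper names and
// the log format are constructed for this example.

// Keys the view engine treats as rendering directives rather than template
// data. `layout` is the one from the issue; the other three are keys Express
// itself sets on the render options object (listed here as an assumption).
const RESERVED_RENDER_OPTIONS = new Set(['layout', 'cache', 'settings', '_locals']);

// Hardened replacement for passing req.query or req.body straight to
// res.render: copy only the fields the template expects, never a reserved key,
// and flatten values so qs-style arrays/objects cannot smuggle options in.
function buildLocals(params, allowedFields) {
  const locals = {};
  for (const key of allowedFields) {
    if (RESERVED_RENDER_OPTIONS.has(key)) continue;
    if (Object.prototype.hasOwnProperty.call(params, key)) {
      locals[key] = String(params[key]);
    }
  }
  return locals;
}

// Detection side, matching the symptom in the attack flow: a 500 on a request
// whose query string carries a `layout` parameter. Log line format
// (constructed): "METHOD PATH?QUERY STATUS".
function findLayoutProbes(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = /^(\S+) (\S+) (\d{3})$/.exec(line.trim());
    if (!m) continue;
    const [, method, target, status] = m;
    const qIndex = target.indexOf('?');
    const params = new URLSearchParams(qIndex === -1 ? '' : target.slice(qIndex + 1));
    if (status === '500' && params.has('layout')) {
      const path = qIndex === -1 ? target : target.slice(0, qIndex);
      hits.push({ method, path, layout: params.get('layout') });
    }
  }
  return hits;
}

// Constructed sample access-log lines.
const SAMPLE_LOG = [
  'GET /profile?name=alice 200',
  'GET /profile?name=alice&layout=probe123 500', // arbitrary layout -> ENOENT -> 500
  'POST /search?layout=doesnotexist 500',
  'GET /profile?layout=main 200',                // an existing layout: not the symptom
];
```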

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 2
  • Comments: 52 (52 by maintainers)

Top GitHub Comments

2 reactions
cigar-galaxy82 commented, Feb 13, 2021

[Screenshot (309)] This is how the component looks now. This is all using hbs, and the function it was supposed to do is also configured to work.

1 reaction
CaptainFreak commented, Apr 28, 2021

Yes @bkimminich LGTM!

Good work @cigar-galaxy82!
