Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

Local File Inclusion

POC

Append one of the following to the URL path, or supply it as the filename when requesting files from the web server:

../../../../../../../../../etc/passwd%00

file:///etc/passwd

If this does not work, try sending the payload URL-encoded.

Note: This is a broad concept; the payloads above are just examples.
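The server-side check that defeats these inputs, as an added example that is not part of the original wiki entry: it normalises URL encoding, rejects NUL bytes and URL schemes, then confirms the resolved path stays inside the served directory. The names safe_resolve, classify and UnsafePath, and the temporary directory used as the served root, are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class UnsafePath(ValueError):
    """The requested name would resolve outside the allowed directory."""


def safe_resolve(base_dir, requested, max_decode=3):
    """Return the real path of `requested` under `base_dir` or raise UnsafePath."""
    name = requested
    # Decode repeatedly so single and double URL encoding are normalised
    # before any check runs; refuse input that is still changing afterwards.
    for _ in range(max_decode):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    else:
        raise UnsafePath("too many encoding layers")
    if "\x00" in name:  # the %00 suffix from the example payload
        raise UnsafePath("NUL byte in file name")
    if "://" in name or name.lower().startswith("file:"):
        raise UnsafePath("URL scheme not allowed")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks before comparing.
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise UnsafePath("path escapes base directory")
    return target


def classify(base_dir, names):
    """Map each requested name to 'allowed' or the rejection reason."""
    verdicts = {}
    for n in names:
        try:
            safe_resolve(base_dir, n)
            verdicts[n] = "allowed"
        except UnsafePath as exc:
            verdicts[n] = str(exc)
    return verdicts


if __name__ == "__main__":
    demo_dir = tempfile.mkdtemp()  # constructed stand-in for the served directory
    samples = ["report.txt", "../../../../../../../../../etc/passwd%00",
               "file:///etc/passwd"]  # the last two are the page's payloads
    for name, verdict in classify(demo_dir, samples).items():
        print(f"{name!r}: {verdict}")
```

Checking the resolved path against the base directory, not the raw string for "../", is what keeps encoded and absolute-path variants from slipping through.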

Impact

Medium-High

Likelihood

Medium-High