Slack: Unauthenticated LFI revealing log information

2017-09-28T03:11:28
ID H1:272578
Type hackerone
Reporter juji
Modified 2018-01-26T01:29:17

Description

@juji found a bug which allowed the disclosure of local files on certain servers - this included PHP files and logs. We performed a thorough investigation to ensure that this issue was not exploited, and as a precaution revoked tokens which were inadvertently logged. Thanks @juji! Write-up incoming... Stay tuned on Twitter!