BugPoC: LFI to steal /etc/passwd - Bypass filter in the <meta property="og:image"> tag via redirect and much more

Hey Team, Good &simple challenge. Wasn't able to find time to attempt this initially but was able to go about it today. The explanation of the bug with the POC is hosted on bugpoc.com Here is the id & password as requested - BugPoC ID : bp-wHwB2qAF - Password : dARKlYbAnana89 POC Screenshot using...

InVision: Javascript Injection

In this webapge: █████████, the URL that is being loaded is listed as a meta property: html The problem is that when additional text is appended to the end of the URL, like this html , it is displayed as part of the HTML. By adding a quotation mark and closing the metaproperty tag like so: html "...