Summary
On October 7, 2021, I discovered a vulnerability called LFI via File Download in www.kakao.com. This is a very critical vulnerability that can use this vulnerability to identify the directory structure using the Directory Listing vulnerability and click all files including system main files, server configuration files, and source codes.
Platform(s) Affected
1 | https://www.kakao.com/download/url |
The attack vector existed in the URL above
How to find and exploit
Not authorized
Proof of Concept
Not authorized