The Cyber Security News


Critical LFI Vulnerability Reported in Hashnode Blogging Platform

April 12, 2022

Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive information such as SSH keys, the server's IP address, and other network information.

“The LFI originates in a Bulk Markdown Import element that can be manipulated to present attackers with unimpeded potential to obtain regional information from Hashnode’s server,” Akamai researchers said in a report shared with The Hacker News.

Local file inclusion flaws occur when a web application is tricked into exposing or running unapproved files on a server, leading to directory traversal, information disclosure, remote code execution, and cross-site scripting (XSS) attacks.

The flaw, caused by the web application failing to adequately sanitize the path to a file that is passed as input, could have serious repercussions in that an attacker could navigate to any path on the server and access sensitive information, including the /etc/passwd file that contains a list of users on the server.

Armed with this exploit, the researchers said they were able to identify the IP address and the private secure shell (SSH) key associated with the server.
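
The path-sanitization failure described above, as an added Python example (not Hashnode's or Akamai's code): `naive_resolve` joins a user-supplied path unchecked, while `safe_resolve` confines it to an import directory. The function names, the `imports` directory and the sample inputs are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """The requested path resolves outside the import root."""


def naive_resolve(import_root: Path, user_path: str) -> Path:
    # Vulnerable pattern: attacker-controlled input is joined unchecked.
    # An absolute path replaces the root; "../" segments climb out of it.
    return Path(os.path.normpath(import_root / user_path))


def safe_resolve(import_root: Path, user_path: str) -> Path:
    """Return the real path of user_path under import_root, or raise."""
    if "\x00" in user_path:
        raise PathEscapeError("NUL byte in path")
    root = import_root.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so containment is
    # checked against the real on-disk location, not the typed string.
    candidate = (root / user_path).resolve()
    if root not in candidate.parents:
        raise PathEscapeError(f"{user_path!r} escapes {root}")
    return candidate


def demo() -> dict:
    """Map each constructed sample input to whether safe_resolve accepts it."""
    samples = ["post.md", "../../etc/passwd", "/etc/passwd", "link/x"]
    accepted = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "imports"
        root.mkdir()
        (root / "post.md").write_text("# hello\n")
        (root / "link").symlink_to(tmp)  # symlink pointing out of the root
        for name in samples:
            try:
                safe_resolve(root, name)
                accepted[name] = True
            except PathEscapeError:
                accepted[name] = False
    return accepted


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r}: {'accepted' if ok else 'rejected'}")
```

The check and the later file open are separate steps, so the import directory should not be writable by other users between them.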

While the vulnerability has since been addressed, the findings come as Akamai said it recorded more than five billion LFI attacks between September 1, 2021, and February 28, 2022, marking a 141% increase over the previous six months.

“LFI attacks are an attack vector that could cause major hurt to a firm, as a risk actor could acquire information and facts about the network for upcoming reconnaissance,” the researchers said.

Some parts of this article are sourced from:
thehackernews.com
