11
donuts
3y

Just got an email from my company that a http server app I wrote years ago exposed the whole server it runs on because of a misconfig parametered...

Can use it to read any file using server.com/path/to/file

Comments
  • 1
    My first backend job I exposed the smtp server so that anybody could use it to send arbitrary mails using our servers. Good that the project was up only for about a month or so :^)))
Add Comment