[Facebook bug bounty] Reading local files from Facebook
Posted December 2014
Josip Franjković found a vulnerability in one of Facebook's file uploaders.
Basically, he uploaded a zipped file of a symbolic link to /etc/passwd:
    ln -s /etc/passwd link
    zip --symlinks test.zip link
And since uploaders are always a mess to secure, Facebook just replied by displaying the content of what it thought was the unzipped resume.
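A server-side check for the kind of archive described above, as an added example (not code from the original post or from Facebook): it reads each ZIP entry's Unix mode bits and rejects the upload if any entry is a symlink or other special file, before anything is extracted. The function names are hypothetical and the sample archive is constructed in memory.

```python
import io
import stat
import zipfile


def build_sample_zip(with_symlink: bool = True) -> bytes:
    """Constructed sample: a regular file plus, optionally, a symlink entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resume.txt", "plain text resume\n")
        if with_symlink:
            link = zipfile.ZipInfo("link")
            link.create_system = 3  # Unix: upper 16 bits of external_attr hold st_mode
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            # As with `zip --symlinks`, the entry data is the link target path.
            zf.writestr(link, "/etc/passwd")
    return buf.getvalue()


def unsafe_entries(data: bytes) -> list[str]:
    """Return names of entries that are neither regular files nor directories."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            file_type = stat.S_IFMT(info.external_attr >> 16)
            # 0 means the archiver recorded no Unix mode; treat it as a plain file.
            if file_type not in (0, stat.S_IFREG, stat.S_IFDIR):
                flagged.append(info.filename)
    return flagged


def check_upload(data: bytes) -> None:
    """Reject the whole archive if it carries symlinks or special files."""
    flagged = unsafe_entries(data)
    if flagged:
        raise ValueError(f"archive rejected, non-regular entries: {flagged}")


if __name__ == "__main__":
    print(unsafe_entries(build_sample_zip()))       # symlink entry is flagged
    print(unsafe_entries(build_sample_zip(False)))  # clean archive passes
```

The mode bits are checked regardless of the `create_system` field, since that field is set by whoever built the archive.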