Although this was enough for a PoC, I decided to dig deeper with this path traversal.

When I was fuzzing the application, I encountered an error that disclosed the full path to the webroot.

I ran ffuf again, but now in the webroot of the server, using the path traversal that I had found. This way, I was able to enumerate a file named LICENSE that contained the application's license keys.

I reported the issue with all my findings and my report was selected during the Initial Launch Period.

Thanks for the read. 🙂

Kuldeep Pandya

You can reach out to me at @kuldeepdotexe.