Sharing my experience with alias path traversals on nginx, and how we leaked sensitive data on Bitwarden and GCP with that. Along with that, we also released a tool called navgix to check for the presence of these vulnerabilities in an automated manner. Tweet added by celesian @c3l3si4n | Pikagi

Pikagi

@c3l3si4n

celesian

1 year

Sharing my experience with alias path traversals on nginx, and how we leaked sensitive data on Bitwarden and GCP with that. Along with that, we also released a tool called navgix to check for the presence of these vulnerabilities in an automated manner.

8

104

237

Replies

@_hypomaniac

hypomania

1 year

@c3l3si4n Ótima pesquisa amigo

1

0

1

@c3l3si4n

celesian

1 year

@_hypomaniac Obrigado amigo, você é um amigo

0

0

0

@big0x75

Vinicius Pereira

1 year

@c3l3si4n nice research!

1

0

1

@c3l3si4n

celesian

1 year

@big0x75 obg bingas

0

0

0

@artsploit

Michael Stepankin

1 year

@c3l3si4n nicely explained, tnx!

1

0

2

@c3l3si4n

celesian

1 year

@artsploit Love your work!! Thanks!!

0

0

0

@kaardeco

𝕜𝕒𝕣𝕕𝕖𝕔.

1 year

@c3l3si4n very nice and easily explained, nice work cilija

0

0

2

@NeptunianHacks

Neptunian ♆

@NeptunianHacks

1 year

@c3l3si4n Awesome findings!

0

0

1

@dk4trin

Wesley Santos

1 year

@c3l3si4n Tooop demais, posta mais po. Achei um .env usando isso

0

0

1

@hex0x42424242

hex0x42424242

1 year

@c3l3si4n @orange_8361 Top @c3l3si4n !! Congrats!

0

0

1