Mateo Hanžek
While assessing the application's security, I stumbled upon the careers endpoint. It appears to me that the application gives a cookie after login on the /careers/index.php endpoint. The cookie format is the following...
You can test POST params with this tool. python3 [lfimap.py](https://github.com/hansmach1ne/lfimap) -U "http://vulnpage.com/endpoint" -D "postparam=PWN" -a
You can test POST params with [lfimap](https://github.com/hansmach1ne/lfimap). It also supports scan without parameter names. POST test: python3 lfimap.py -U "http://vulnpage.com/endpoint" -D "postparam=PWN" -a No param test: python3 lfimap.py -U "http://vulnpage.com/PWN"...
Afaik, the client-side attacks will be very limited with img src sandboxing. XSS will definitely not be possible.
Hey, thank you very much for taking an interest in LFImap, and even more for contributing to improvements. Currently, LFImap doesn't support testing for SQL injection per se (as there are other...
I'll look into this, might implement support for this scenario also. Btw, you can write the switches you used that resulted in "URL is invalid", we might fix that too.
@katanta Took a look one more time at this scenario here. This is a second-order LFI in question, where the first step would be to only inject the LFI...