Security issue identified while running code on the compiler aka Local File Inclusion (LFI)
‘permission denied’ should be the expected behavior as it exposes backend info and an adversary can run OS commands.
Displaying sensitive content
Steps to reproduce:
Run the below code and change the file name/path and the file contents will be displayed accordingly.
# Open the file in read mode
with open(‘/proc/self/environ’, ‘r’) as file:
# Print the contents of the file
Bug appears at this link:
Chrome browser/Win 11