This is a writeup describing a local file inclusion (LFI) vulnerability in React software. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'action' parameter in the URL.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:React software (version unspecified)
No auth needed
Prerequisites:Access to the vulnerable URL endpoint