The Hacker News Logo
Subscribe to Newsletter

Vulnerability in Whatsapp messenger media server

Hacking Whatsapp messenger
If you own an iPhone or an Android device, then the chances are high that you're familiar with the extremely popular cross-platform messaging app, WhatsApp.

According to a whitehat hacker Mohammed Saeed, Whatsapp media server ( interface was vulnerable to Traversal local file inclusion. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected.

Flaw allowed hacker to gather usernames via an "/etc/passwd" file and also another sensitive files like log files i.e  "/apache/logs/error.log" or "/apache/logs/access.log".

Flaw was reported by Mohammed with proof of conpect to Whatsapp security team on 27th May and was addressed this week.

If you are also penetration tester and have something buggy that can help Whatsapp team to make there service more secure, feel free to contact them at

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.