If you own an iPhone or an Android device, then the chances are high that you're familiar with the extremely popular cross-platform messaging app, WhatsApp.
According to whitehat hacker Mohammed Saeed, the WhatsApp media server (media.whatsapp.com) interface was vulnerable to directory traversal local file inclusion. This vulnerability occurs when a page include is not properly sanitized, which allows directory traversal characters to be injected.
The flaw allowed a hacker to gather usernames via the "/etc/passwd" file and to read other sensitive files such as log files, e.g. "/apache/logs/error.log" or "/apache/logs/access.log".
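The flaw class described above, shown as an added example (not code from WhatsApp or from the researcher's report): a naive include-path join next to a resolver that confines every request to one directory. The function names and the temporary directory tree are constructed for illustration, and a POSIX system is assumed.

```python
import os
import tempfile

def naive_resolve(base_dir, name):
    # Vulnerable pattern: the request value is joined to the base directory
    # as-is, so "../" sequences or an absolute path walk out of it.
    return os.path.normpath(os.path.join(base_dir, name))

def safe_resolve(base_dir, name):
    """Return the real path of `name` inside base_dir, or None if it escapes."""
    if "\x00" in name:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses "../" and follows symlinks BEFORE the containment check
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        return None
    return target if os.path.isfile(target) else None

def demo():
    # Constructed tree: an include directory and one file that sits outside it
    root = tempfile.mkdtemp()
    pages = os.path.join(root, "pages")
    outside = os.path.join(root, "secret.txt")
    os.mkdir(pages)
    with open(os.path.join(pages, "about.html"), "w") as f:
        f.write("about")
    with open(outside, "w") as f:
        f.write("outside the include directory")
    os.symlink(outside, os.path.join(pages, "link.html"))
    rows = []
    for name in ["about.html", "../secret.txt", "sub/../../secret.txt",
                 outside, "link.html"]:
        left_base = not naive_resolve(pages, name).startswith(pages + os.sep)
        rows.append((left_base, safe_resolve(pages, name) is not None))
    return rows

if __name__ == "__main__":
    for left_base, served in demo():
        print(f"naive join left base dir: {left_base!s:5}  safe resolver served: {served}")
```

The last case is a symlink inside the include directory: the naive join sees nothing wrong with it, and only the check on the resolved real path rejects it.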
The flaw was reported by Mohammed, with a proof of concept, to the WhatsApp security team on 27th May and was addressed this week.
If you are also a penetration tester and have found something buggy that can help the WhatsApp team make their service more secure, feel free to contact them at support@whatsapp.com.