MaGe Linux Operations

May 31, 2017 · Information Security

How I Uncovered a Critical LFI Vulnerability in Oracle Responsys Cloud Service

The article details the discovery of a local file inclusion (LFI) flaw in Oracle Responsys, explains how crafted requests exploit the _ri_ parameter to read arbitrary files, highlights the impact on major companies like Facebook and LinkedIn, and describes the responsible disclosure that led to a rapid patch.