Hacker News new | ask | show | jobs
by stevekemp 2946 days ago
Do you have a security contact address?

Edit : Emailed your contact@brainhashed address.
1 comments
stevekemp 2945 days ago
Now that it has been fixed I'll say the site previous allowed you to enter URLs of the form `file:///etc/passwd`, which were then rendered in the PDF output.

In short arbitrary local file inclusion.

link