Y
Hacker News
new
|
ask
|
show
|
jobs
by
stevekemp
2945 days ago
Now that it has been fixed I'll say the site previous allowed you to enter URLs of the form `file:///etc/passwd`, which were then rendered in the PDF output.
In short arbitrary local file inclusion.