u/AccomplishedNerve245

Responsible Disclosure Story: Reporting an LFI Vulnerability to a Major Indian Bank
▲ 339 r/kashmir+3 crossposts

Started with curiosity, ended with an acknowledgment from the Information Security Department of one of India’s major banks.

A few weeks ago, while testing an internet-facing application, I discovered a Local File Inclusion (LFI) vulnerability that allowed arbitrary file reads through an exposed parameter. After responsible verification and documentation, I privately reported the issue to the bank’s security team with detailed impact analysis and proof-of-concept evidence.

The vulnerability exposed sensitive internal files, runtime environment data, and backend configuration paths — a reminder of how a single overlooked validation can open doors to serious security risks.

Today, I received this official appreciation letter from the Information Security Department of J&K Bank acknowledging the responsible disclosure and contribution towards strengthening their security posture.

No drama. No noise. Just hours of research, patience, ethical hacking, and responsible disclosure.

Moments like this remind me why I love cybersecurity.
Still learning. Still hunting. 🚀

#BugBounty #CyberSecurity #EthicalHacking #InfoSec #SecurityResearch #LFI #OWASP #ResponsibleDisclosure #BugHunter #CyberSecurityResearcher

u/AccomplishedNerve245 — 6 days ago