July 28, 2025

Alvaro

Muñoz

Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle

A complete arbitrary local file read vulnerability achieved through an ingenious byte-by-byte exfiltration technique.

https://xbow-website-b1b.pages.dev/traces/https://xbow-website.pages.dev/traces/titiler-local-file-inclusion/