Written by: Adhyayan Panwar

Executive summary

- On February 25, 2022, an Akamai researcher, working with a CredShields researcher, found a local file inclusion (LFI) vulnerability in Hashnode, a blogging tool known among the developer community

- The team ethically disclosed the vulnerability and worked with Hashnode to provide a solution

- The LFI originates in a Bulk Markdown Import feature that can be manipulated to give attackers an unimpeded ability to download local files from Hashnode’s server

- This access allowed the researchers to bypass the CDN proxy and obtain SSH keys, IP and network information, and possibly other information that attackers could abuse

- Akamai has monitored more than 5 million LFI attacks over the past six months — a 141% increase over the previous six months

- LFI attacks can cause major damage to an organization, as a threat actor could obtain information about the network for future reconnaissance, breach,…