The $300 Journey from RFI to RCE that Changed Everything

Dhabaleshwar Das
14 min read · Nov 17, 2024

This story dates back to about three years ago, but it’s one of those incidents that stuck with me. So, I thought, why not share it as my first blog on Medium? It’s a story about passion, curiosity, and how a casual call turned into an unexpected adventure in cybersecurity. And before you ask — yes, the screenshots I’ve added here are from my localhost. I recreated everything to document it later because, unfortunately, I can’t share the original screenshots for obvious reasons. So, let’s start from the beginning.

The Story

It was a lazy Sunday afternoon when I got a call from my friend, Karan. Now, Karan is one of those friends who never calls unless it’s something major — like needing a kidney or borrowing your bike for a date.

“Bhai, mujhe teri help chahiye, (Bro, I need your help!)” he said, sounding unusually serious.

“What happened? Did you crash your bike again?” I replied, half-joking.

“No, no, it’s about my uncle Rajesh. Remember him?”

“Ah, the legendary Rajesh Uncle. The man, the myth, the teacher who thinks WhatsApp forwards are actual news. Of course, I remember.”

“Listen, his blog has been doing really well lately, but he’s worried about its security. Can you take a look?”
