Study case for path traversal vulnerability on path.combine function in the asp.net core
Use Git or checkout with SVN using the web URL.
Work fast with our official CLI. Learn more about the CLI.
Please sign in to use Codespaces.
If nothing happens, download GitHub Desktop and try again.
If nothing happens, download GitHub Desktop and try again.
If nothing happens, download Xcode and try again.
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
Study case for path traversal vulnerability on path.combine function in the asp.net core.
Line 14 is the data input parameter to pass data to the vulnerable function.
Line 21 is the vulnerable function that combining the temp path with the data input from the parameter.
If you comment line 20 the code will be sanitized and the vulnerability will be fixed by using Path.GetFileName(); to sanitize the file name.
Study case for path traversal vulnerability on path.combine function in the asp.net core