Preserve path traversal vulnerability #142

Closed
derevnjuk opened this issue Jun 5, 2023 · 0 comments · Fixed by #143 or #144
Labels
Priority: high Type: bug Something isn't working

@derevnjuk

The current implementation of URL parsing and validation in the application does not allow detection of the directory traversal vulnerability. The application is using the secure WHATWG API instead of the less secure `url.parse()`.

Steps to Reproduce:

  1. Use the following URLs to exploit the vulnerability:
     • http://192.168.0.161:3000/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
     • http://192.168.0.161:3000/public/../../../../../../etc/passwd
  2. Observe the resulting URL after parsing and validation.

Expected Result:
The application should send a request to the following path: /public/../../../../../../etc/passwd. The resulting URL should allow access to sensitive files outside the intended directory.

Actual Result:
The application does not allow directory traversal attacks. As a result, the parsed URL is http://192.168.0.161:3000/etc/passwd.
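
The normalization described in this issue, shown as an added example that is not part of the original report or the project's code: it compares the path as written in each URL with what the WHATWG `URL` parser keeps. The helper names (`rawPath`, `dotSegments`, `inspect`) are hypothetical; the two sample URLs are the ones from the report.

```javascript
// Added example. Helper names are hypothetical; the URLs are the two from the issue.

// Dot segments as the WHATWG URL Standard recognises them: "." or "..",
// with each dot optionally written as %2e (case-insensitive).
const DOT_SEGMENT = /^(?:\.|%2e){1,2}$/i;

// Path exactly as written in the string: no decoding, no segment removal.
function rawPath(input) {
  const afterScheme = input.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '');
  const slash = afterScheme.indexOf('/');
  if (slash === -1) return '/';
  return afterScheme.slice(slash).split(/[?#]/)[0];
}

// Dot segments present in the raw path, in order of appearance.
function dotSegments(input) {
  return rawPath(input).split('/').filter((s) => DOT_SEGMENT.test(s));
}

// Compare what was written with what the WHATWG parser keeps.
function inspect(input) {
  const parsed = new URL(input);
  return {
    rawPath: rawPath(input),
    parsedHref: parsed.href,
    parsedPath: parsed.pathname,
    droppedSegments: dotSegments(input).length,
    rewritten: rawPath(input) !== parsed.pathname,
  };
}

const samples = [
  'http://192.168.0.161:3000/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd',
  'http://192.168.0.161:3000/public/../../../../../../etc/passwd',
];
for (const s of samples) console.log(inspect(s));
```

Both forms are resolved during parsing, so the percent-encoded variant is rewritten exactly like the literal one.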
