Path traversal #567

dcRUSTy · 2020-09-20T17:00:24Z

Navigate to
http://127.0.0.1:2525/
then
http://127.0.0.1:2525/releases/v2.3.0%2f..%2f..%2f_header

Expected behaviour

Error
...

Actual behaviour

It renders /src/views/_header.ejs

...

Further Possibilities

Code Execution even without --allowInjection if malicious user knows location of malicious .ejs file on filesystem
...

Software versions used

OS         : Windows 10
mountebank : 2.3.0

Log contents in mb.log when running mb --loglevel debug

info: [mb:2525] mountebank v2.3.0 now taking orders - point your browser to http://localhost:2525/ for help
debug: [mb:2525] config: {"options":{"loglevel":"debug","port":2525,"noParse":false,"pidfile":"mb.pid","nologfile":false,"logfile":"mb.log","allowInjection":false,"localOnly":false,"ipWhitelist":["*"],"mock":false,"debug":false,"heroku":false,"protofile":"protocols.json"},"process":{"nodeVersion":"v12.18.0","architecture":"x64","platform":"win32"}}
info: [mb:2525] GET /images/book.jpg
info: [mb:2525] GET /images/book.jpg

The text was updated successfully, but these errors were encountered:

#567

bbyars#567

bbyars added a commit that referenced this issue Sep 27, 2020

Fixed path traversal issue

99ff7f5

#567

bbyars closed this as completed Sep 27, 2020

mikeschinkel pushed a commit to jbolda/mountebank that referenced this issue Apr 2, 2021

Fixed path traversal issue

479d03c

bbyars#567

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Path traversal #567

Path traversal #567

dcRUSTy commented Sep 20, 2020

Path traversal #567

Path traversal #567

Comments

dcRUSTy commented Sep 20, 2020

Expected behaviour

Actual behaviour

Further Possibilities

Software versions used

Log contents in mb.log when running mb --loglevel debug