New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Directory Traversal Vulnerability #29

Closed

cry-inc opened this issue Aug 11, 2021 · 1 comment

Labels

bug

cry-inc commented Aug 11, 2021

The server will serve files outside the specified root.

Version: v0.1.5
OS: Windows 10
Binary: Precompiled Windows x64 v0.1.5 downloaded on the release pages

Steps to reproduce on Windows (did not test any other OS):

Download precompiled binary and extract
Create folder C:\htdocs
Start ran with ".\ran_windows_amd64.exe -root=C:\htdocs"
Run "wget http://127.0.0.1:8080/foobar\..\..\Windows\win.ini" (does not work in browsers, they will clean the URL first)

When using -listdir=true its also possible to browse folders and navigate around.

m3ng9i added the bug label

m3ng9i added a commit that referenced this issue


          Fix directory traversal vulnerability under Windows (#29)

fcfc1a1

Owner

m3ng9i commented Aug 19, 2021

Thanks, I've update the code, try v0.1.6.

m3ng9i closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment