A simple HTTP file storage service written in C.
This program starts a static file server on port 8000. This server responds to GET requests with the relevant file in the static folder. And it uploads files contained in the body of POST requests to the static folder.
If you have make installed, you can run the program with the command
make runIf you do not have `make`` installed, you can run the program by running the following commands:
gcc -o server.out server.c
./server.out
When you make a GET request, the server returns the file if it exists and a 404 error otherwise.
curl 127.0.0.1:8000/index.html
--- OUTPUT ---
<html>
Static File Server
</html>curl 127.0.0.1:8000/non-existing-file
--- OUTPUT ---
404: Resource Not FoundThe program does not handle POST requests from CURL correctly, so the instructions below will not work exactly as expected. File upload requests made as binary with Postman work fine, though. No other clients have been tested.
curl -X POST -F "file=@/path/to/your/file.txt" http://example.com/upload
--- OUTPUT ---
File uploaded
7Zcd2WFpvf2rsuTI- The concept for this project was to create a server that could serve files and upload files, similar to Filebin or Imgur. Because of this, it is not designed to respond to paths endwith with a
/with the relevantindex.htmlfile in the way a regular web server would. - The server does not handle POST requests from some clients correctly.
- The server is vulnerable to path traversal attacks, which could allow a negative actor to access an arbitrary file on the running systems file system.
- The server does not append the correct file extensions to uploaded files. When a file is uploaded to the server, it is stored as an extensionless file. This could potentially be done by looking at the
Content-Typeheader of requests.
This project is inspired by and built with knowledge from the static file server example in the book 'Hacking: The Art of Exploitation'.