[Security Issue] Path Traversal #2 #8

Closed
patrickhener opened this issue Oct 21, 2020 · 1 comment
@patrickhener
Owner

Oh no :( 🤦

```
GET /cf985bddf28fed5d5c53b069d6a6ebe601088ca6e20ec5a5a8438f8e1ffd9390/bulk-file?file=%252Fgo.mod&file=%252Fgo.sum&file=../../../../../../etc/passwd HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://localhost:8000/
Upgrade-Insecure-Requests: 1
```

This will happily give you the passwd in the zip file. Once again need to sanitize path.

@patrickhener patrickhener self-assigned this Oct 21, 2020
@patrickhener patrickhener added this to In progress in v0.0.6 Oct 21, 2020
@patrickhener
Owner Author

Fixed

@patrickhener patrickhener moved this from In progress to Done in v0.0.6 Oct 21, 2020
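
One way to do the path sanitizing this issue calls for, shown as an added example; it is not the project's fix, which does not appear on this page. The names `resolveUnderRoot` and `ErrOutsideRoot`, the root `/srv/share`, and the second URL decode (inferred from the `%252F` values in the request) are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a requested name resolves outside the web root.
var ErrOutsideRoot = errors.New("path escapes web root")

// resolveUnderRoot maps one `file` query value onto a path below root.
// The value is unescaped once more because the request in the issue carries
// double-encoded names (%252F); that second decode is an assumption about
// the handler. The check is lexical only: symlinks under root are not resolved.
func resolveUnderRoot(root, requested string) (string, error) {
	name, err := url.PathUnescape(requested)
	if err != nil {
		return "", err
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the result, collapsing any "../" sequences lexically.
	candidate := filepath.Join(absRoot, filepath.FromSlash(name))
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil {
		return "", err
	}
	// Anything that still has to climb out of root is rejected before zipping.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return candidate, nil
}

func main() {
	// Constructed input: the three `file` values as a handler would see them
	// after the server's first round of query decoding.
	for _, f := range []string{"%2Fgo.mod", "%2Fgo.sum", "../../../../../../etc/passwd"} {
		p, err := resolveUnderRoot("/srv/share", f)
		fmt.Printf("%-32q -> %q, %v\n", f, p, err)
	}
}
```

Every `file` value should pass through the check before anything is added to the archive, and a rejected value should fail the whole request rather than be silently skipped.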