Questions tagged [path-injection]
The path-injection tag has no summary.
30 questions
1 vote
1 answer
24 views
Is using req.path as a file path in an Express route vulnerable?
Let's say we have this simple Express application const express = require('express') const app = express(); app.get("/public/*", (req, res) => { res.sendFile(req.path); }); app....
1 vote
1 answer
72 views
how to exploit path traversal vulnerability
I am pentesting an HTTP server using Jetty, where I have access to the code. One of the URLs I am looking at is GET /services/test.js Looking at the code below: @GET @Path("services/{...
0 votes
1 answer
399 views
bash: how to securely source a script from an environment variable
Say I want to do source $VIRTUAL_ENV/bin/activate in my bashrc whenever the VIRTUAL_ENV is defined. In general, the idea of running a script pointed by an environment variable seems a bit fishy as it ...
1 vote
0 answers
174 views
Any Windows/NTFS trick to ignore/cancel out a file extension from a path?
I am pentesting an application. The application exposes a SOAP API, which I have access to, and internally that API makes the following call: File.Open("C:\Resources\"+resName+".res&...
1 vote
1 answer
418 views
Some random string is appended prefixed by a DOT at the end of URL
Recently we ran a security scan report on one of our web applications, and it has one issue reported as a path-based vulnerability. The scenario is as follows. The request URL which our ...
2 votes
1 answer
814 views
Using this path traversal security issue
I used ZAP to scan one of my websites and found a path traversal issue. This is the information: Attack: c:/ URL: www.example.com/example.php Parameter: mail I am now tinkering around in the ...
3 votes
1 answer
1k views
Sanitising a file/folder path from user input
I have an external server make backups of my main server via scp and a backup-only user account. I successfully restricted it to scp only using GNU Rush. The scp command below executed on the backup ...
2 votes
1 answer
141 views
What are the dangers of extending my PATH?
Are there any dangers of extending my PATH, say by adding /Users/me/bin?
0 votes
2 answers
957 views
Check for vulnerabilities on website having an error with realpath PHP
I found a website with a download.php file which can get different values in the url parameter (e.g. www.example.com/download.php?url=value). When I give ../../ as a value for the url it throws me the ...
4 votes
1 answer
3k views
strstr and fopen, is there a bypass?
I have a binary that does this: if (strstr(USERCONTROLLERSTRING, "..")) exit; fopen(CurrentPath+"\\Data\\"+USERCONTROLLEDSTRING, "r"); then spits out all the content of the file. Is there any obvious ...
92 votes
8 answers
18k views
Can secret GET requests be brute forced? [duplicate]
Say, I have on my server a page or folder which I want to be secret. example.com/fdsafdsafdsfdsfdsafdrewrew.html or example.com/fdsafdsafdsfdsfdsafdrewrewaa34532543432/admin/index.html If the ...
8 votes
2 answers
3k views
Do sudo and .profile/.bashrc enable trivial privilege escalation?
First of all, let me mention that I’m assuming a configuration as set up by current Linux desktop distributions (e. g. Debian, Fedora). I’m sure that there are methods which, if implemented, would ...
1 vote
1 answer
237 views
Unable to replace linux binary
I'm working on a linux privilege escalation. This is the situation: I'm able to write to /bin, and I only have sudo access to run a script. This script just prints information with an echo. I copied ...
1 vote
3 answers
11k views
Path traversal via filename
Is it possible to perform path traversal by setting the filename of an uploaded path to include a path? Does Windows/Linux/any other operating system allow such filenames? For example, naming a file "...
1 vote
3 answers
1k views
Is it dangerous to pass user input to the require function in Node.js?
TL;DR: Is it dangerous to have user input used in a require function in Node.js? Can it be used to read files, and if so how can I protect against that? For example, I have an ExpressJS server running,...