jaguar icon indicating copy to clipboard operation
jaguar copied to clipboard

Published 20 hours ago verified publisher icon Jaguar-dart

Directory traversal vulnerability for static file

Open leamlidara opened this issue 2 years ago • 1 comments

This is my code server.staticFiles('/pf-img/*', 'profile');

and this is my url http://127.0.0.1:1337/pf-img/..%2Fdaplogfile.txt http://127.0.0.1:1337/pf-img/..%2F..%2Fdatabase.sql

both files are existed and accessible on my PC.

leamlidara avatar May 09 '22 12:05 leamlidara

You do know that you specify the folder? if you don't want those files accessible remove them from that folder.

lexia-boris avatar Jul 28 '22 12:07 lexia-boris