Questions tagged [path-injection]
31 questions
2 votes, 0 answers, 90 views
new index.php trailing path attack, possibly directed at some framework
TL;DR: seeing a website attack that's new to us, wondering if it is a known thing, or if it's directed at some framework that we're not using. The attack is against a site's index.php script and feeds ...
1 vote, 1 answer, 98 views
Is using req.path as a file path in an Express route vulnerable?
Let's say we have this simple Express application
const express = require('express')
const app = express();
app.get("/public/*", (req, res) => {
res.sendFile(req.path);
});
app....
1 vote, 1 answer, 108 views
how to exploit path traversal vulnerability
I am pentesting an http server using jetty, where I have access to the code.
One of the urls I am looking at is get /services/test.js
Looking at the code below:
@GET
@Path("services/{...
0 votes, 1 answer, 494 views
bash: how to securely source a script from an environment variable
Say I want to do source $VIRTUAL_ENV/bin/activate in my bashrc whenever the VIRTUAL_ENV is defined.
In general, the idea of running a script pointed by an environment variable seems a bit fishy as it ...
1 vote, 0 answers, 194 views
Any Windows/NTFS trick to ignore/cancel out a file extension from a path?
I am pentesting an application. The application exposes a SOAP API, which I have access to, and internally that API makes the following call:
File.Open("C:\Resources\"+resName+".res&...
1 vote, 1 answer, 442 views
Some random string is appended prefixed by a DOT at the end of URL
Recently we ran a security scan report on one of our web applications and it has one issue reported as a path-based vulnerability. The scenario is as follows.
The request URL which our ...
2 votes, 1 answer, 870 views
Using this path traversal security issue
I used zap to scan one of my websites and found a path traversal issue.
This is the information:
Attack: c:/
URL: www.example.com/example.php
Parameter: mail
I am now tinkering around in the ...
3 votes, 1 answer, 1k views
Sanitising a file/folder path from user input
I have an external server make backups of my main server via scp and a backup-only user account. I successfully restricted it to scp only using GNU Rush.
The scp command below executed on the backup ...
2 votes, 1 answer, 176 views
What are the dangers of extending my PATH?
Are there any dangers of extending my PATH, say by adding /Users/me/bin?
0 votes, 2 answers, 992 views
Check for vulnerabilities on website having an error with realpath PHP
I found a website with a download.php file which can get different values in the url parameter (e.g. www.example.com/download.php?url=value). When I give ../../ as a value for the url it throws me the ...
4 votes, 1 answer, 4k views
strstr and fopen, is there a bypass?
I have a binary that does this:
if (strstr(USERCONTROLLEDSTRING, "..")) exit;
fopen(CurrentPath+"\\Data\\"+USERCONTROLLEDSTRING, "r");
then spits out all the content of the file. Is there any obvious ...
92 votes, 8 answers, 18k views
Can secret GET requests be brute forced? [duplicate]
Say, I have on my server a page or folder which I want to be secret.
example.com/fdsafdsafdsfdsfdsafdrewrew.html
or
example.com/fdsafdsafdsfdsfdsafdrewrewaa34532543432/admin/index.html
If the ...
8 votes, 2 answers, 3k views
Do sudo and .profile/.bashrc enable trivial privilege escalation?
First of all, let me mention that I’m assuming a configuration as set up by current Linux desktop distributions (e. g. Debian, Fedora). I’m sure that there are methods which, if implemented, would ...
1 vote, 1 answer, 256 views
Unable to replace linux binary
I'm working on a linux privilege escalation. This is the situation: I'm able to write to /bin, and I only have sudo access to run a script. This script just prints information with an echo.
I copied ...
1 vote, 3 answers, 11k views
Path traversal via filename
Is it possible to perform path traversal by setting the filename of an uploaded path to include a path? Does Windows/Linux/any other operating system allow such filenames?
For example, naming a file "...