Collaborate Disseminate
I am pentesting an http server using jetty, where I have access to the code.
One of the urls I am looking at is get /services/test.js
Looking at the code below:
@GET
@Path("services/{script:.+[.]js}")
@Produces(MediaT… Continue reading how to exploit pathtraversal vulnerability
This question is a duplicate of Is it safe to add . to my PATH? How come?
This is in the context of the user’s PATH variable.
I can’t number why, but somehow I got the impression it’s a bad idea to add . to your linux PATH for security re… Continue reading Is it safe to add "." to the Linux PATH variable? [closed]
I just read about the canonical function in C++`:
https://en.cppreference.com/w/cpp/filesystem/canonical
It says it is modeled on realpath().
I would like to know:
In what way is it different from realpath()?
Realpath exists only for Linu… Continue reading Canonical file path in Window [migrated]
Say I want to do source $VIRTUAL_ENV/bin/activate in my bashrc whenever the VIRTUAL_ENV is defined.
In general, the idea of running a script pointed by an environment variable seems a bit fishy as it can by writable by other users. So it w… Continue reading bash: how to securely source a script from an environment variable
I am pentesting an application. The application exposes a SOAP API, which I have access to, and internally that API makes the following call:
File.Open("C:\Resources\"+resName+".res", FileMode.Open)
The contents of tha… Continue reading Any Windows/NTFS trick to ignore/cancel out a file extension from a path?
Recently we have run some Security scan report on one of our web-application and it has one issue reported as a path-based vulnerability. The scenario is as follows.
The request URL which our application intended to accept is www.host.com/… Continue reading Some random string is appended prefixed by a DOT at the end of URL
I used zap to scan one of my websites and found a path traversal issue.
These are the informations:
Attack: c:/
URL: www.example.com/example.php
Parameter: mail
I am now tinkering around in the browser and in CMD with curl and try to… Continue reading Using this path traversal security issue
I have an external server make backups of my main server via scp and a backup-only user account. I successfully restricted it to scp only using GNU Rush.
The scp command below executed on the backup server downloads /var/www/website1/fil… Continue reading Sanitising a file/folder path from user input
It turns out that there’s a pretty easy-to-exploit vulnerability when using ‘go get’ and the new modules functionality in Go. My search fu isn’t finding any existing publication of the vulnerability in either google results … Continue reading Registering/finding CVE for a PATH vulnerability when using go modules
Are there any dangers of extending my PATH, say by adding /Users/me/bin?