Collaborate Disseminate
I’m just wondering..
Are public,visible paths/folder structures mean security risk for a website? For example, as you can see our folder structure and file names are clearly visible in our ajax calls. This code is public beca… Continue reading Are public paths/folder structures mean security risks for a website?
I found a website with a download.php file which can get different values in the url parameter (e.g. www.example.com/download.php?url=value). When I give ../../ as a value for the url it throws me the following error on the p… Continue reading Check for vulnerabilities on website having an error with realpath PHP
I have a binary that does this:
if (strstr(USERCONTROLLERSTRING, “..”)) exit;
fopen(CurrentPath+”\\Data\\”+USERCONTROLLEDSTRING, “r”);
then spits out all the content of the file. Is there any obvious vulnerability here?
Say, I have on my server a page or folder which I want to be secret.
example.com/fdsafdsafdsfdsfdsafdrewrew.html
or
example.com/fdsafdsafdsfdsfdsafdrewrewaa34532543432/admin/index.html
If the secret part of the path is… Continue reading Can secret GET requests be brute forced?
First of all, let me mention that I’m assuming a configuration as set up by current Linux desktop distributions (e. g. Debian, Fedora). I’m sure that there are methods which, if implemented, would mitigate the issues described here. What I… Continue reading Do sudo and .profile/.bashrc enable trivial privilege escalation?
Is it possible to perform path traversal by setting the filename of an uploaded path to include a path? Does Windows/Linux/any other operating system allow such filenames?
For example, naming a file “../test.txt” (if it’s possible at all)… Continue reading Path traversal via filename
I have a Linux-based embedded system with web-interface for management purposes. According to one security paper, this web-server has rudimentary filter against directory traversal attacks in URL parameters. So in order to bypass the “../”… Continue reading Path traversal filter bypass techniques?
I don’t know if this is some injection attempt or a weird bot or what ever. An IP opened several pages within my Drupal 7 website with the appendix
http://domain.com/some/url/$tags.get(%22pixelLink%22)
I didn’t find anything on Google. Wh… Continue reading Should I be concerned about the following URLs that were tried to open on my webpage?
I’m building a web app that uses S3. In some of our operations, we’re creating a file on S3 with a path that’s directly dependent on user input, so an attacker might cause a file to be created on S3 with whichever path he wants.
Is there … Continue reading Any vulnerabilities in allowing users to choose path of S3 file?