path-injection – Page 2 – WindowsTechs.com

Check for vulnerabilities on website having an error with realpath PHP

Posted on July 30, 2018 by Mark Frankli

I found a website with a download.php file which can get different values in the url parameter (e.g. www.example.com/download.php?url=value). When I give ../../ as a value for the url it throws me the following error on the p… Continue reading Check for vulnerabilities on website having an error with realpath PHP→

strstr and fopen, is there a bypass?

Posted on July 18, 2018 by JohnDoes

I have a binary that does this:

if (strstr(USERCONTROLLERSTRING, “..”)) exit;
fopen(CurrentPath+”\\Data\\”+USERCONTROLLEDSTRING, “r”);

then spits out all the content of the file. Is there any obvious vulnerability here?

I… Continue reading strstr and fopen, is there a bypass?→

Can secret GET requests be brute forced?

Posted on June 19, 2018 by Kargari

Say, I have on my server a page or folder which I want to be secret.

example.com/fdsafdsafdsfdsfdsafdrewrew.html

example.com/fdsafdsafdsfdsfdsafdrewrewaa34532543432/admin/index.html

If the secret part of the path is… Continue reading Can secret GET requests be brute forced?→

Do sudo and .profile/.bashrc enable trivial privilege escalation?

Posted on June 11, 2018 by Socob

First of all, let me mention that I’m assuming a configuration as set up by current Linux desktop distributions (e. g. Debian, Fedora). I’m sure that there are methods which, if implemented, would mitigate the issues described here. What I… Continue reading Do sudo and .profile/.bashrc enable trivial privilege escalation?→

Path traversal via filename

Posted on January 11, 2018 by user1118764

Is it possible to perform path traversal by setting the filename of an uploaded path to include a path? Does Windows/Linux/any other operating system allow such filenames?

For example, naming a file “../test.txt” (if it’s possible at all)… Continue reading Path traversal via filename→

Should I be concerned about the following URLs that were tried to open on my webpage?

Posted on August 1, 2014 by Alex

I don’t know if this is some injection attempt or a weird bot or what ever. An IP opened several pages within my Drupal 7 website with the appendix
http://domain.com/some/url/$tags.get(%22pixelLink%22)

I didn’t find anything on Google. Wh… Continue reading Should I be concerned about the following URLs that were tried to open on my webpage?→

Any vulnerabilities in allowing users to choose path of S3 file?

Posted on February 24, 2014 by Ram Rachum

I’m building a web app that uses S3. In some of our operations, we’re creating a file on S3 with a path that’s directly dependent on user input, so an attacker might cause a file to be created on S3 with whichever path he wants.

Is there … Continue reading Any vulnerabilities in allowing users to choose path of S3 file?→