Esri / resource-proxy

Proxy files for DotNet, Java and PHP.
Apache License 2.0
371 stars 322 forks

Directory Traversal Vulnerability #569

Closed kriso4os closed 1 year ago

kriso4os commented 1 year ago

The default configuration of the proxy 'matchAll="true"' is susceptible to the Path Traversal vulnerability, which bypasses the 'serverUrl' parameter. For example: if <serverUrl url="http://127.0.0.1:80/myserver/web/"> is set, any access to "http://127.0.0.1:80/myserver/rest/" is restricted. However, using a basic Path Traversal technique, this can be bypassed: "http://127.0.0.1:80/myserver/web/../rest/" This was tested and confirmed for the DotNet proxy, but after some static analysis, the Java and PHP ones look vulnerable as well.
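The bypass described above works because the allow-list check is a plain prefix comparison on the raw request string. The following is an added illustration, not code from this repository: it takes the `serverUrl` value from the comment and shows a naive prefix check beside one that canonicalises the request (percent-decoding, resolving `.` and `..`, matching on a directory boundary) before comparing it with the configured prefix. Function names are assumptions of this example.

```python
"""Added example: canonicalise a requested URL before comparing it with the
configured serverUrl prefix. Not the proxy's own code; the serverUrl value
follows the issue report above."""
import posixpath
from urllib.parse import urlsplit, unquote

SERVER_URL = "http://127.0.0.1:80/myserver/web/"  # value from the issue report


def naive_allowed(requested: str, server_url: str = SERVER_URL) -> bool:
    """A plain string-prefix check: the behaviour the report describes."""
    return requested.startswith(server_url)


def canonical_parts(url: str):
    """Split a URL into (scheme, host, port, normalised absolute path)."""
    parts = urlsplit(url)
    # Percent-decode first so '%2e%2e' is seen as '..', then collapse
    # '.', '..' and repeated slashes into one canonical absolute path.
    path = posixpath.normpath("/" + unquote(parts.path).lstrip("/"))
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme.lower(), (parts.hostname or "").lower(), port, path)


def normalized_allowed(requested: str, server_url: str = SERVER_URL) -> bool:
    """Allow only URLs whose canonical form sits under the configured prefix."""
    try:
        r_scheme, r_host, r_port, r_path = canonical_parts(requested)
        s_scheme, s_host, s_port, s_path = canonical_parts(server_url)
    except ValueError:  # malformed host or port: fail closed
        return False
    if (r_scheme, r_host, r_port) != (s_scheme, s_host, s_port):
        return False
    if ".." in r_path.split("/"):  # normpath already resolves these; explicit guard
        return False
    # Compare on a directory boundary so '/myserver/webX/' does not pass.
    return r_path == s_path or r_path.startswith(s_path.rstrip("/") + "/")
```

The same canonicalisation applies to any host-and-prefix allow list, not only this proxy: compare the normalised form, never the string the client sent.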

andygup commented 1 year ago

Thanks for reporting @kriso4os. I'll close out this issue with a note that the repo is going to be archived imminently, and we are adding verbiage that these proxies should not be used.