Problem: Path Traversal Vulnerability via Illegal URL Destination Parameter
How to Recreate:
Normally, when passing the destination parameter, a file is downloaded.
However, if characters like ../ are added and passed as a parameter after URL encoding, it enables access to files outside of the directory.
For instance, the string ../test/jest-e2e.json, when URL encoded, can be passed as the destination parameter:
localhost:3000/files/download/..%2Ftest%2Fjest-e2e.json.
This results in the file being served as a response, potentially exposing information.
Response:
The content of jest-e2e.json file is served as a response, revealing data:
Problem: Path Traversal Vulnerability via Illegal URL Destination Parameter
How to Recreate:
../
are added and passed as a parameter after URL encoding, it enables access to files outside of the directory.../test/jest-e2e.json
, when URL encoded, can be passed as the destination parameter:localhost:3000/files/download/..%2Ftest%2Fjest-e2e.json
.Response: The content of
jest-e2e.json
file is served as a response, revealing data: