LFI bug in /api/get_file

adrgs / requestrepo

Analyze HTTP and DNS requests and create custom DNS records for your subdomain

https://requestrepo.com

MIT License

384 stars 20 forks source link

LFI bug in /api/get_file #53

Closed adrgs closed 5 months ago

adrgs commented 5 months ago

verify_jwt does not check that the subdomain contains only characters from SUBDOMAIN_ALPHABET. This allows an attacker that gets the JWT key to set a subdomain like ../../../../etc/passwd and read internal files in the Docker container.

adrgs commented 5 months ago

Added stronger checks for verify_jwt in 5863052