1) Directory traversal - If you make a request like GET /../secret.txt then you can access files outside of the document root. You can't exploit this in most web browsers because they normalize the path, but if you use a tool like Burp you can.
2) Cross-site scripting - If there's a file named < i >foo.txt or similar (possible on Linux, not Windows) then the tags appear in directory listings. Probably not exploitable in any likely scenario, but would be worth fixing.
I did look for some contact info to submit this privately but couldn't find any.
Thanks @paj28 - this was actually a quick hackathon project and not really intended for any kind of serious use, but appreciate the comments - might try patching them up when I get some time off :)
The web server has a couple of security issues:
1) Directory traversal - If you make a request like GET /../secret.txt then you can access files outside of the document root. You can't exploit this in most web browsers because they normalize the path, but if you use a tool like Burp you can.
2) Cross-site scripting - If there's a file named < i >foo.txt or similar (possible on Linux, not Windows) then the tags appear in directory listings. Probably not exploitable in any likely scenario, but would be worth fixing.
I did look for some contact info to submit this privately but couldn't find any.