dubyte / dir2opds

Serve an OPDS based on a directory
GNU General Public License v3.0
59 stars 12 forks

HTTP directory traversal vulnerability #17

masked-owl closed 5 months ago

masked-owl commented 6 months ago

Security issue: the server allows directory traversal with a crafted URL. Example of vulnerable URL: http://localhost:8100/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd

dubyte commented 5 months ago

Thanks for reporting this; I will check this out.

dubyte commented 5 months ago

Thank you again; this is fixed now on the new version.
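For reference, a sketch of the kind of check that closes this class of bug, added here as an example; it is not dir2opds code and not the fix that was shipped. It assumes a handler that percent-decodes the request path a second time (the case in which the `.%252e` segments from the report become `..`); the `resolve` function, `ErrTraversal` and the `/srv/books` root are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned for any request path that must not be served.
var ErrTraversal = errors.New("request path rejected")

// resolve maps a request path, as net/http exposes it in r.URL.Path (already
// percent-decoded once), to a file path under root. Assumption: the handler
// decodes once more, so that second decode happens here, before any check.
func resolve(root, urlPath string) (string, error) {
	decoded, err := url.PathUnescape(urlPath)
	if err != nil || strings.ContainsAny(decoded, "\\\x00") {
		return "", ErrTraversal // malformed escape, backslash or NUL
	}
	// Validate the final decoded form: no segment may be "..".
	for _, seg := range strings.Split(decoded, "/") {
		if seg == ".." {
			return "", ErrTraversal
		}
	}
	// Anchor at "/" before cleaning, then join under root.
	full := filepath.Join(root, filepath.FromSlash(path.Clean("/"+decoded)))
	// Defence in depth: the joined path must still sit inside root.
	// Symlinks inside root are not resolved by this check.
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return full, nil
}

func main() {
	// Constructed sample inputs: the paths a server sees after its first decode.
	for _, p := range []string{"/scifi/dune.epub", "/.%2e/.%2e/etc/passwd"} {
		full, err := resolve("/srv/books", p)
		fmt.Printf("%-26q -> %q, err=%v\n", p, full, err)
	}
}
```

The point of the ordering is that the `..` check runs on the same string that is later joined to the root, so no decode step can happen between validation and use.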