evgenyigumnov / cblt

Safe and fast minimalistic web server, written in Rust, that serves files from a directory and proxies requests to another server.
MIT License
39 stars, 7 forks

Path traversal vulnerability #1

Closed rvolgers closed 1 week ago

rvolgers commented 1 week ago

I mostly use the default server config using cargo run --release (only changed port to 8080 and commented out the SSL part because binding to ports below 1024 requires root privileges).

Then, I use netcat to manually do an HTTP request (because curl normalizes URLs, which can affect the demonstration):

$ nc 127.0.0.1 8080
GET /../Cargo.toml HTTP/1.1
Host: example.com

The server will respond with the contents of the Cargo.toml, which is outside the "assets" directory configured in the Cbltfile and as such should not be accessible.
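A hardened request-path resolver for a static file server, added here as an illustration; it is not cblt's own code and not the fix in the commit linked below. It assumes the `assets` root named in the Cbltfile above; the function and type names (`percent_decode`, `resolve_under_root`, `open_under_root`, `PathError`) are mine. The point it demonstrates is the order of operations: percent-decode first, then refuse any `..` component (rather than trying to "normalise" it away), then, as a second line of defence, canonicalise the candidate and confirm it still starts with the canonical root.

```rust
use std::path::{Component, Path, PathBuf};

/// Why a request target could not be mapped to a file under the asset root.
#[derive(Debug, PartialEq, Eq)]
pub enum PathError {
    /// `..`, an absolute prefix, or a NUL byte: the request tried to leave the root.
    Traversal,
    /// A malformed `%xx` escape or non-UTF-8 bytes after decoding.
    BadEncoding,
    /// The lexical check passed but nothing exists at that path.
    NotFound,
}

/// Percent-decode a request path. Decoding happens *before* the traversal
/// check so that `%2e%2e` cannot slip past a check that only looks for `..`.
pub fn percent_decode(target: &str) -> Result<String, PathError> {
    let bytes = target.as_bytes();
    let mut out = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        if bytes[i] == b'%' {
            let hex = bytes.get(i + 1..i + 3).ok_or(PathError::BadEncoding)?;
            let hex = std::str::from_utf8(hex).map_err(|_| PathError::BadEncoding)?;
            out.push(u8::from_str_radix(hex, 16).map_err(|_| PathError::BadEncoding)?);
            i += 3;
        } else {
            out.push(bytes[i]);
            i += 1;
        }
    }
    String::from_utf8(out).map_err(|_| PathError::BadEncoding)
}

/// Lexically map an HTTP request target onto a path under `root` (hypothetical
/// helper). Only plain name components are accepted; `..` is refused outright,
/// so `/../Cargo.toml` and `/css/../../Cargo.toml` both fail.
pub fn resolve_under_root(root: &Path, target: &str) -> Result<PathBuf, PathError> {
    // The query string is never part of the file name.
    let path_part = target.split('?').next().unwrap_or("");
    let decoded = percent_decode(path_part)?;
    if decoded.contains('\0') {
        return Err(PathError::Traversal);
    }
    let mut rel = PathBuf::new();
    for comp in Path::new(&decoded).components() {
        match comp {
            Component::Normal(seg) => rel.push(seg),
            Component::RootDir | Component::CurDir => {}
            Component::ParentDir | Component::Prefix(_) => return Err(PathError::Traversal),
        }
    }
    Ok(root.join(rel))
}

/// Second line of defence: resolve symlinks and confirm the real path is still
/// inside the real root. This catches a symlink inside `assets/` pointing out.
pub fn open_under_root(root: &Path, target: &str) -> Result<PathBuf, PathError> {
    let candidate = resolve_under_root(root, target)?;
    let root_real = root.canonicalize().map_err(|_| PathError::NotFound)?;
    let real = candidate.canonicalize().map_err(|_| PathError::NotFound)?;
    if !real.starts_with(&root_real) {
        return Err(PathError::Traversal);
    }
    Ok(real)
}

fn main() {
    // The request from the report, plus encoded and nested variants, against
    // the "assets" root named in the Cbltfile.
    let root = Path::new("assets");
    for target in ["/index.html", "/../Cargo.toml", "/%2e%2e/Cargo.toml", "/css/../../Cargo.toml"] {
        println!("{target:<25} -> {:?}", resolve_under_root(root, target));
    }
}
```

The lexical check alone is what the report's `GET /../Cargo.toml` exercises; netcat was needed precisely because a client that collapses `/../` itself hides the bug, so the server is the only place the check can live. The canonical check needs the file to exist, which is why a missing file surfaces as `NotFound` (a 404) rather than being confused with a refused traversal (a 403).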

evgenyigumnov commented 1 week ago

WoW! Cool! I will fix! Thanks!

evgenyigumnov commented 1 week ago

https://github.com/evgenyigumnov/cblt/commit/a4bd99446ef900f800615e74d1fdcfc464c47d61