I would like to report a path traversal in statichttpserver. It allows listing files in any folder outside the web root.
module name: statichttpserver
version: 0.9.7
npm page: https://www.npmjs.com/package/statichttpserver
‘statichttpserver’ is inspired by SimpleHTTPServer.py and is intended to be a fast and easy to use static file server.
statichttpserver simply takes the path name from the URL and appends it to the web root. This means that if the request path contains ../, the server happily appends it to the web root and you can list whichever folder you choose. The trick is that web browsers and curl normalize a URL containing ../ before sending it (the dot segments are removed client-side), so the traversal never reaches the server from a normal client. I used Burp to build a raw request containing ../ and sent it to the server.
Install statichttpserver:
$ npm install -g statichttpserver
Start the program:
$ StaticHTTPServer --ip 192.168.220.132
Start Burp Suite and send a raw request whose URL path contains ../ (for example a path that climbs out of the web root). You should see the files in the folder you targeted listed in the response.
{F485830}
Suggested fix: filter .. out of the path name. Note that matching the literal string is not enough on its own, since percent-encoded forms such as %2e%2e decode to the same segment; the server should resolve the decoded path against the web root and reject any request whose resolved path falls outside it.
Configuration I’ve used to find this vulnerability:
This vulnerability allows a malicious user to list files in folders outside the web root. This might expose vectors for attacking the system with remote code execution, reveal files containing usernames and passwords, and open many other possibilities.