Privilege: User
The file path isn’t properly sanitized and allows ..\.
First, create a user with the Read privilege and a specific home folder such as /test. Then connect to that account and access the home page http://localhost:8080/:
From there, change folder using path traversal via the cd parameter:
As you can see, we are able to view folder content.
First, create a user with the Read and Write privileges and a specific home folder such as /test. Then connect to that account and access the home page http://localhost:8080/. From here, create a new file named ..\test.txt and then go to the root folder with another account:
You will see that the file was created outside of the test user’s folder limitation.
PS: Note that the same could be done to all features in the file https://github.com/filegator/filegator/blob/642bb273334207359166d48b6c719a89e98a0676/backend/Controllers/FileController.php due to: $this->separator
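
The report attributes the issue to path handling built around a single separator. The following added example (not FileGator's code; the function names and sample inputs are hypothetical) contrasts a join that only normalizes on / with one that treats both / and \ as separators and refuses any path that climbs above the home folder:

```php
<?php
// Added example, not FileGator's code. Function names and the sample
// home folder are hypothetical.

// Weak form: only '/' is treated as a separator, so '..\' is seen as
// part of an ordinary file name and passes through unchanged.
function joinWeak(string $home, string $userPath): string
{
    $parts = [];
    foreach (explode('/', $userPath) as $seg) {
        if ($seg === '' || $seg === '.') { continue; }
        if ($seg === '..') { array_pop($parts); continue; }
        $parts[] = $seg;
    }
    return rtrim($home, '/') . '/' . implode('/', $parts);
}

// Hardened form: split on both separators, reject any attempt to climb
// above the home folder, and reject NUL bytes.
function joinStrict(string $home, string $userPath): string
{
    if (strpos($userPath, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in path');
    }
    $parts = [];
    foreach (preg_split('#[/\\\\]+#', $userPath) as $seg) {
        if ($seg === '' || $seg === '.') { continue; }
        if ($seg === '..') {
            if ($parts === []) {
                throw new InvalidArgumentException('path escapes home folder');
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $seg;
    }
    return rtrim($home, '/') . '/' . implode('/', $parts);
}

// Constructed inputs: the file name used in the report plus two others.
foreach (['docs/a.txt', '..\\test.txt', 'docs/../..\\x'] as $p) {
    echo str_pad($p, 14), ' weak=', joinWeak('/test', $p), ' strict=';
    try { echo joinStrict('/test', $p), "\n"; }
    catch (InvalidArgumentException $e) { echo 'REJECTED (', $e->getMessage(), ")\n"; }
}
```

The weak join returns /test/..\test.txt for the second input, which a filesystem that accepts \ as a separator resolves outside /test. The strict join is a lexical check only; symbolic links inside the home folder need a separate resolved-path comparison.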