Socket.io-file 2.0.31 - Arbitrary File Upload

Exploit Title: Socket.io-file 2.0.31 - Arbitrary File Upload Date: 2020-07-02 Exploit Author: Cr0wTom Vendor Homepage: https://www.npmjs.com/package/socket.io-file Software Link: https://www.npmjs.com/package/socket.io-file/v/2.0.31 Version: = v2.0.31 Tested on: node v10.19.0, Socket.io-file...

Node.js third-party modules: [socket.io] Cross-Site Websocket Hijacking

I would like to report Cross-Site Websocket Hijacking in socket.io It allows an attacker to bypass origin protection using special symbols include "" and "$" Module module name: socket.io version: 2.3.0 npm page: https://www.npmjs.com/package/socket.io Module Description Socket.IO enables real-ti...

CVE-2020-15779

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

Path traversal

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

CVE-2020-15779

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

CVE-2020-15779

CVE-2020-15779: Path traversal in socket.io-file (Node.js) up to 2.0.31. The socket.io-file::createFile path uses path.join with ../ in the name, with uploadDir and rename options further determining the target path, enabling possible arbitrary file writes. Exploitation details are not provided i...

Path Traversal

socket.io-file is vulnerable to path traversal. The vulnerability is possible as file upload paths are generated by directly passing unsanitised user-provided name to path.join in the function socket.io-file::createFile through uploadDir and rename options...

Path Traversal in socket.io-file

All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path.join. It is possible to upload files to arbitrary...

GHSA-9H4G-27M8-QJRG Path Traversal in socket.io-file

All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path.join. It is possible to upload files to arbitrary...

Path Traversal

Overview All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path.join. It is possible to upload files to...

Memory Leaks

socket.io-adapter is vulnerable to memory leak.This occurs because the function Adapter.prototype.del in index.js leaves a room without properly validating the closure of a socket, allowing an attacker to trigger memory leaks by sending the leave signals...

UPDATE: FactionC2 2019-10-20

PenTestIT RSS Feed FactionC2 2019-10-20 was released a couple of days ago by the author. This C2 framework was briefly mentioned in my previous post titled List of Open Source C2 Post-Exploitation Frameworks. This release most importantly contains upgrades to .Net Core 3 version among additional...

GHSA-J3JP-GVR5-7HWQ python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...

python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...

Insecure randomness in socket.io

Affected versions of socket.io depend on Math.random to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization. Recommendation Update to v0.9.7 or lat...

Unspecified vulnerability in socket.io

socket.io is an application framework that supports real-time two-way traffic. A security vulnerability exists in socket.io that stems from the program's reliance on the 'Math.random' function to create socket IDs, which can be exploited by an attacker to guess the socket ID and gain access to th...

CVE-2017-16217

fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

Directory traversal

fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

CVE-2017-16031

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...

CVE-2017-16031

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...