Fixed path traversal vulnerability when symlinking directories #3
Conversation
huntr-helper
requested review from
Mik317,
bbeale,
mufeedvh and
toufik-airane
|
@alromh87 - this bounty was duplicate and so we are closing! Apologies! 🍰 |
|
Sorry alromh87, we enjoyed reviewing your fix but it has not been selected this time. If this bounty has not been closed, please feel free to try again with a new pull request! We appreciate your effort and look forward to reviewing more of your fixes in the future! 🔨😎 |
|
I dont think it is duplicated, this fix targets symlinking directories after attempted fix , that deals correctly with symlinking files This PR targets missing filters Please |
|
Apologies - we'll look to re-review this tomorrow 👍 |
|
@418raj Reopened at #4 |
|
@alromh87 - we have this re-reviewed soon! Thanks for getting in touch! 🍰 |
4 participants
📊 Metadata *
Creating a symlink to a directory could allow acces to system files
Bounty URL: https://www.huntr.dev/bounties/2-npm-superstatic/
⚙️ Description *
Path is tested for symlinked directories, in case it is request is denied
💻 Technical Description *
If symlink filter is enabled and file is not symlink every directory in the path, starting from base directory, is tested to be symlink, in positive case request is denied
🐛 Proof of Concept (PoC) *
1)Install the Superstatic module
$ npm install -g superstatic
2)Make a directory
$ mkdir test
3)Go to 'test' directory
$ cd test
4)create a symlink file to directory
ln -s /etc/ 'dirname'
5)Run Superstatic module
Superstatic
6)Request the file within browser
http://localhost:3474/'dirname'/'regularfile'
http://localhost:3474/poc/passwd
7)Content of file is returned to browser
🔥 Proof of Fix (PoF) *
After fix error page is shown, any symlink in the path will be recognized
👍 User Acceptance Testing (UAT)
Original functionality unafected
