Security Fix for Path Traversal - huntr.dev #280
[FIX] Path traversal through Symlink files
Wrongly closed: Fixed path traversal vulnerability when symlinking directories
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
@alromh87 - would you be able to sign the CLA? 🍰 |
@googlebot I consent. |
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
@JamieSlome Sure, is this the right way? #280 (comment) |
@alromh87 - all done. Thanks! 🍰 |
Duplicate of #275 |
https://huntr.dev/users/alromh87 has fixed the Path Traversal vulnerability 🔨. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?
Get involved at https://huntr.dev/
Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#4
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/superstatic/2/README.md
User Comments:
📊 Metadata *
Still valid as it fixes a Vulnerability after proposed fix #2
Creating a symlink to a directory could allow access to system files; the proposed fix handles symlinked files but not directories
Bounty URL: https://www.huntr.dev/bounties/2-npm-superstatic
⚙️ Description *
The path is tested for symlinked directories; if one is found, the request is denied
💻 Technical Description *
If the symlink filter is enabled and the file is not a symlink, every directory in the path, starting from the base directory, is tested for being a symlink; if one is, the request is denied
🐛 Proof of Concept (PoC) *
1) Install the Superstatic module
$ npm install -g superstatic
2) Make a directory
$ mkdir test
3) Go to the 'test' directory
$ cd test
4) Create a symlink to a directory
$ ln -s /etc/ 'dirname'
5) Run the Superstatic module
$ superstatic
6) Request the file in a browser
http://localhost:3474/'dirname'/'regularfile'
http://localhost:3474/poc/passwd
7) The content of the file is returned to the browser
🔥 Proof of Fix (PoF) *
After the fix, an error page is shown
👍 User Acceptance Testing (UAT)
Original functionality unaffected
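
The directory-by-directory test from the technical description above, as an added JavaScript example that is not the code from this pull request or from superstatic. `crossesSymlink` and `demo` are hypothetical names, the walk is assumed to start with the first component below the base directory, and the check also flags `../` escapes and a symlinked final component.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when the request leaves baseDir lexically or passes through a symlink.
function crossesSymlink(baseDir, requestPath) {
  const base = path.resolve(baseDir);
  const target = path.resolve(base, '.' + path.sep + requestPath);
  const rel = path.relative(base, target);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return true; // "../" escape, no filesystem access needed
  }
  let current = base;
  for (const part of rel.split(path.sep).filter(Boolean)) {
    current = path.join(current, part);
    let stat;
    try {
      stat = fs.lstatSync(current); // lstat inspects the link itself
    } catch (err) {
      // Missing component: nothing to serve, let the caller answer 404.
      if (err.code === 'ENOENT' || err.code === 'ENOTDIR') return false;
      throw err;
    }
    if (stat.isSymbolicLink()) return true;
  }
  return false;
}

// Constructed sample tree: public/docs is real, public/linked points outside.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'symlink-demo-'));
  const base = path.join(root, 'public');
  const outside = path.join(root, 'outside');
  fs.mkdirSync(path.join(base, 'docs'), { recursive: true });
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(base, 'docs', 'index.html'), 'ok');
  fs.writeFileSync(path.join(outside, 'secret.txt'), 'constructed');
  fs.symlinkSync(outside, path.join(base, 'linked'), 'dir');
  try {
    return {
      regular: crossesSymlink(base, '/docs/index.html'),
      viaLink: crossesSymlink(base, '/linked/secret.txt'),
      dotdot: crossesSymlink(base, '/../outside/secret.txt'),
      missing: crossesSymlink(base, '/docs/nope/file.txt'),
    };
  } finally {
    fs.rmSync(root, { recursive: true, force: true });
  }
}
console.log(demo());
```

The check and the later file open are separate system calls, so a link created between the two is not caught by this test alone.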