
Security Fix for Path Traversal - huntr.dev #280

Closed
wants to merge 15 commits into from

Conversation

huntr-helper

https://huntr.dev/users/alromh87 has fixed the Path Traversal vulnerability 🔨. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💰. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

| Q | A |
| --- | --- |
| Version Affected | ALL |
| Bug Fix | YES |
| Original Pull Request | 418sec#4 |
| Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/superstatic/2/README.md |

User Comments:

📊 Metadata *

Still valid as it fixes a Vulnerability after proposed fix #2

Creating a symlink to a directory could allow access to system files; the proposed fix handles symlinked files but not directories.

Bounty URL: https://www.huntr.dev/bounties/2-npm-superstatic

⚙️ Description *

The path is tested for symlinked directories; if one is found, the request is denied.

💻 Technical Description *

If the symlink filter is enabled and the requested file is not itself a symlink, every directory in the path, starting from the base directory, is tested for being a symlink; if any is, the request is denied.

🐛 Proof of Concept (PoC) *

1) Install the Superstatic module
$ npm install -g superstatic

2) Make a directory
$ mkdir test

3) Go to the 'test' directory
$ cd test

4) Create a symlink to a directory
$ ln -s /etc/ 'dirname'

5) Run the Superstatic module
$ superstatic

6) Request the file in the browser
http://localhost:3474/'dirname'/'regularfile'
http://localhost:3474/poc/passwd

7) The content of the file is returned to the browser

🔥 Proof of Fix (PoF) *

After the fix, an error page is shown.

👍 User Acceptance Testing (UAT)

Original functionality unaffected.

@googlebot

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.


@JamieSlome

@alromh87 - would you be able to sign the CLA? 🍰

@alromh87

alromh87 commented Oct 10, 2020

@googlebot I consent.

@google-cla

google-cla bot commented Oct 10, 2020

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.


@alromh87

@JamieSlome Sure, is this the right way? #280 (comment)

@JamieSlome

@alromh87 - all done. Thanks! 🍰

@bkendall
Collaborator

Duplicate of #275

@bkendall bkendall marked this as a duplicate of #275 Aug 30, 2022
@bkendall bkendall closed this Aug 30, 2022
Successfully merging this pull request may close these issues.

Automatic server restart on file/dir change/add/delete