Path Traversal in kalcaddle/kodexplorer

Valid

Reported on

Jun 13th 2021


✍️ Description

KodExplorer A web-based file manager, web IDE/browser-based code editor. I discovered that by uploading a symbolic linked file via any user, he/she could see any file in the server which causes Path Traversal vulnerability.

🕵️‍♂️ Proof of Concept

  1. Create a file by the following command ln -s /etc/passwd test
  2. Upload that file from any user.
  3. Open and view the file, you can see the system passwd file.

💥 Impact

Any user can view any system file via symlink files.

Recommendation

unlink the files during file upload.

warlee
a year ago

Maintainer


When the soft connection file is uploaded, the real file has already been uploaded

warlee validated this vulnerability a year ago
x3rz has been awarded the disclosure bounty
The fix bounty is now up for grabs
warlee confirmed that a fix has been merged on 6d2521 a year ago
warlee has been awarded the fix bounty
x3rz
a year ago

Researcher


Thank you for the fix Can you please have a look on this one also https://www.huntr.dev/bounties/11-kalcaddle/KodExplorer/

to join this conversation