Path Traversal (CWE-22) leaks sensitive data in ikus060/rdiffweb
Valid
Reported on Oct 1st 2022
Description
Successful exploitation of this path traversal allows an attacker to walk the file system with `../` segments and read files or directories that lie outside the restricted directory on the remote server.
Proof of Concept
Note: If you cannot see the PoC image, follow this link: https://imgur.com/a/1svTNB4
Impact
Arbitrary file read: this could leak sensitive system files or any other file on the system that the rdiffweb process is able to read.
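To make the weakness concrete, here is an added Python example (not code from the report or from rdiffweb, whose actual vulnerable code path the page does not show). It contrasts the naive "join the user path onto the base directory" pattern that CWE-22 describes with a confinement check. The base directory, the helper names and the probe paths are all assumptions constructed for the demonstration.

```python
import posixpath
from typing import Optional

# Hypothetical restricted directory; rdiffweb's real base path is not given on the page.
BACKUP_ROOT = "/srv/backups"


def naive_resolve(base: str, user_path: str) -> str:
    """The vulnerable pattern: join the user-supplied path onto the base
    directory and trust the result. '..' segments walk out of `base`,
    and an absolute user path discards `base` entirely."""
    return posixpath.normpath(posixpath.join(base, user_path))


def is_confined(base: str, candidate: str) -> bool:
    """True only if `candidate` is `base` itself or lies strictly below it.
    Comparing against base + '/' (not a bare string prefix) stops
    '/srv/backups2/x' from passing as a child of '/srv/backups'."""
    base = posixpath.normpath(base)
    return candidate == base or candidate.startswith(base + "/")


def safe_resolve(base: str, user_path: str) -> Optional[str]:
    """Hardened counterpart of naive_resolve. Returns the resolved path, or
    None when the request must be refused (a web handler would map None to
    an HTTP 403 or 404 rather than touching the filesystem)."""
    # NUL bytes can truncate the path in C-level filesystem calls.
    if "\x00" in user_path:
        return None
    # posixpath.join would throw away `base` for an absolute path.
    if posixpath.isabs(user_path):
        return None
    candidate = posixpath.normpath(posixpath.join(posixpath.normpath(base), user_path))
    if not is_confined(base, candidate):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed probe inputs of the kind a traversal test would send.
    probes = (
        "host1/rdiff-backup-data/current_mirror",
        "../../etc/passwd",
        "/etc/passwd",
        "host1/../../../etc/shadow",
        "../backups2/secret",
    )
    for probe in probes:
        print(f"{probe!r:42} naive={naive_resolve(BACKUP_ROOT, probe)!r:34} "
              f"safe={safe_resolve(BACKUP_ROOT, probe)!r}")
```

The check must run on the path exactly as the web framework hands it to the handler, decoded once; a second `unquote` on the way to the filesystem reopens the hole for `%252e%252e%2f`-style input. This offline example also does not resolve symlinks, so a real handler should additionally compare `os.path.realpath` of the candidate against the real path of the base directory.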
We are processing your report and will contact the ikus060/rdiffweb team within 24 hours.
This is my first report on huntr.dev, so I don't know how to push the image correctly :D
We have contacted a member of the ikus060/rdiffweb team and are waiting to hear back.
@t1g3r0x I'm working on a fix. ASAP.
Another question for you. What led you to test Rdiffweb?
You know, testing open source like Rdiffweb or another project is also a way to improve penetration testing skills :D