Directory Traversal Vulnerability
Closed this issue · 1 comment
kriso4os commented
The default configuration of the proxy, 'matchAll="true"', is susceptible to a Path Traversal vulnerability, which bypasses the 'serverUrl' parameter.
For example, if <serverUrl url="http://127.0.0.1:80/myserver/web/"> is set, any access to "http://127.0.0.1:80/myserver/rest/" is restricted.
However, using a basic Path Traversal technique, this can be bypassed: "http://127.0.0.1:80/myserver/web/../rest/"
This was tested and confirmed for the DotNet proxy, but after some static analysis, the Java and PHP ones look vulnerable as well.
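The root cause described in the report is an allowlist that compares the raw request URL against the configured serverUrl prefix, so a `..` segment slips past the string check and is only collapsed later by the backend. The following is an added example (not the project's code, and the function names `naive_allowed` / `hardened_allowed` and the `ALLOWED` list are constructed for illustration) that contrasts that raw prefix check with one that canonicalizes the request first: percent-decoding, collapsing `.` and `..` segments, and comparing scheme, host and port separately from the path on a directory boundary.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed allowlist mirroring the serverUrl from the report.
ALLOWED = ["http://127.0.0.1:80/myserver/web/"]

_DEFAULT_PORTS = {"http": 80, "https": 443}


def naive_allowed(url, allowed=ALLOWED):
    """Raw string prefix check: the pattern the report shows being bypassed."""
    return any(url.lower().startswith(entry.lower()) for entry in allowed)


def canonical_path(path):
    """Return the path as the backend will resolve it: decoded and with
    ./ and ../ segments collapsed, keeping a trailing slash if one was present."""
    decoded = unquote(path or "/")
    # Second pass so double-encoded sequences (e.g. %252e) do not survive.
    decoded = unquote(decoded)
    norm = posixpath.normpath(decoded)
    if decoded.endswith("/") and not norm.endswith("/"):
        norm += "/"
    return norm


def _origin(parts):
    """(scheme, host, port) with the default port filled in, so
    http://host/ and http://host:80/ compare equal."""
    scheme = (parts.scheme or "").lower()
    port = parts.port if parts.port is not None else _DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def hardened_allowed(url, allowed=ALLOWED):
    """Allow only requests whose canonical path stays inside a configured
    directory on the same scheme/host/port."""
    req = urlsplit(url)
    req_path = canonical_path(req.path)
    for entry in allowed:
        cfg = urlsplit(entry)
        if _origin(req) != _origin(cfg):
            continue
        cfg_dir = canonical_path(cfg.path)
        if not cfg_dir.endswith("/"):
            cfg_dir += "/"
        # Exact directory, or anything below it on a "/" boundary.
        if req_path == cfg_dir.rstrip("/") or req_path.startswith(cfg_dir):
            return True
    return False


if __name__ == "__main__":
    bypass = "http://127.0.0.1:80/myserver/web/../rest/"
    print("naive   :", naive_allowed(bypass))     # True  (bypass succeeds)
    print("hardened:", hardened_allowed(bypass))  # False (collapses to /myserver/rest/)
```

Normalizing before the comparison is the essential step; comparing the request against a second, differently normalized representation (as the proxy's string check versus the backend's filesystem or routing layer does here) is what turns a harmless `..` into an allowlist bypass.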