Directory Traversal Vulnerability

[cry-inc]

The server will serve files outside the specified root.

Version: v0.1.5
OS: Windows 10
Binary: Precompiled Windows x64 v0.1.5 downloaded on the release pages

Steps to reproduce on Windows (did not test any other OS):

1. Download precompiled binary and extract
2. Create folder C:\htdocs
3. Start ran with ".\ran_windows_amd64.exe -root=C:\htdocs"
4. Run "wget http://127.0.0.1:8080/foobar\..\..\Windows\win.ini" (does not work in browsers, they will clean the URL first)

When using -listdir=true its also possible to browse folders and navigate around.

[m3ng9i]

Thanks, I've update the code, try v0.1.6.