Directory Traversal Exploit
Closed this issue · 3 comments
Hello,
I was curious about the security of this since it interacts directly with the host filesystem.
I found that while I can't find a way to read arbitrary files due to you checking whether a file exists (at least as far as I found), I could still write to arbitrary file locations that don't exist already. This could be a problem if I could write a config file somewhere. In general, this program probably shouldn't be able to write outside of the files directory (at least from user actions).
Hope this helps you squash a security vulnerability!
If you wanted to read more about Directory Traversal exploits, OWASP has a pretty good article: https://owasp.org/www-community/attacks/Path_Traversal
@popcar2 you might want to also cancel for the Japanese ¥ symbol and the Korean ₩ symbol, as those are used in Japanese and Korean versions of Windows as the file separator instead of / or \. (This has to do with how characters were originally mapped to binary in those locales, back before Unicode.)
I added an exception for those too, thanks for the heads up.
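The two points raised in this thread (a write path that escapes the files directory, and the ¥ / ₩ characters that act as separators on Japanese and Korean Windows) can be covered by one containment check. The following is an added illustration, not code from this project: it assumes a hypothetical `files` directory as the only allowed root, normalises backslashes so the check behaves the same on POSIX and Windows, resolves symlinks before comparing, and rejects U+00A5 and U+20A9 outright as a defensive assumption rather than trying to interpret them as separators.

```python
from pathlib import Path

# Characters treated as path separators on some Windows locales (see the
# issue thread). Rejecting them is an assumption made by this example; the
# project may prefer to map them to '/' instead.
LOCALE_SEPARATORS = "\u00a5\u20a9"  # ¥ (yen), ₩ (won)


class UnsafePathError(ValueError):
    """Raised when a user-supplied path would land outside the allowed root."""


def safe_resolve(base_dir: str, user_path: str) -> Path:
    """Return the absolute target for `user_path` inside `base_dir`.

    Raises UnsafePathError if the target is not strictly inside the root.
    The check does not depend on the target existing, so it applies to
    writes (the case reported above) as well as reads.
    """
    if "\x00" in user_path:
        raise UnsafePathError("embedded NUL byte")
    if any(ch in user_path for ch in LOCALE_SEPARATORS):
        raise UnsafePathError("locale-specific separator character")

    # Treat backslashes as separators even on POSIX so that '..\\..\\x'
    # cannot slip through as a single odd filename here and traverse on Windows.
    normalised = user_path.replace("\\", "/")

    base = Path(base_dir).resolve()
    # resolve(strict=False) collapses '..' and follows any existing symlinks,
    # so a symlink inside the root pointing elsewhere is also caught.
    candidate = (base / normalised).resolve()

    # Require the candidate to be strictly inside the root (the root itself
    # is not a valid file target).
    if base not in candidate.parents:
        raise UnsafePathError(f"{user_path!r} escapes {base}")
    return candidate


def is_safe(base_dir: str, user_path: str) -> bool:
    """Boolean convenience wrapper around safe_resolve()."""
    try:
        safe_resolve(base_dir, user_path)
        return True
    except UnsafePathError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real report.
    samples = [
        "notes/todo.txt",          # ordinary relative path, allowed
        "sub/../ok.txt",           # '..' that stays inside the root, allowed
        "../config.cfg",           # classic traversal, rejected
        "..\\..\\config.cfg",      # backslash traversal, rejected
        "/etc/hosts",              # absolute path, rejected
        "notes\u00a5..\u00a5x",    # yen-sign separators, rejected
    ]
    for sample in samples:
        print(f"{sample!r:28} -> {'allowed' if is_safe('files', sample) else 'REJECTED'}")
```

The existence check the reporter mentions only constrains reads; a containment check like this one runs before any open-for-write and therefore closes the write case too. If the project wants to accept ¥ and ₩ from Japanese or Korean users rather than reject them, the safe way is to translate them to `/` before the `replace` step, so they are subject to the same containment test.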