popcar2/GodotOS

Directory Traversal Exploit

Closed this issue · 3 comments

Hello,

I was curious about the security of this since it interacts directly with the host filesystem.

I found that while I can't find a way to read arbitrary files due to you checking whether a file exists (at least as far as I found), I could still write to arbitrary file locations that don't exist already. This could be a problem if I could write a config file somewhere. In general, this program probably shouldn't be able to write outside of the files directory (at least from user actions).

Here's some proof.
[three screenshots attached in the original issue]

Hope this helps you squash a security vulnerability!

If you wanted to read more about Directory Traversal exploits, OWASP has a pretty good article: https://owasp.org/www-community/attacks/Path_Traversal

Good catch. I thought I made slashes an illegal character in file names, but it turns out it was just a TODO comment in the code. The newest commit cancels renaming if you try adding / or \.

[screenshot attached in the original comment]

Thanks!

@popcar2 you might want to also cancel for the Japanese ¥ symbol and the Korean ₩ symbol, as those are used in Japanese and Korean versions of Windows as the file separator instead of / or \. (This has to do with how characters were originally mapped to binary in those locales, back before Unicode.)

https://en.wikipedia.org/wiki/Path_(computing)

I added an exception for those too, thanks for the heads up.
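The check the thread converges on (reject a user-supplied file name if it contains /, \, ¥ or ₩) is the first layer; the second layer a practitioner would add is confirming that the resolved target still lives under the files directory, which also covers symlinks the name check cannot see. The following is an added example in Python, not GodotOS code (GodotOS is a Godot project and its real fix is in GDScript); the function names, the `files_dir` layout and the attacker input `../../.bashrc` are constructed for illustration.

```python
"""Added example (not GodotOS code): validating a user-supplied file name
before creating or renaming it inside a fixed "files" directory."""
import os
import tempfile
from pathlib import Path
from typing import Optional

# Characters that act as a path separator on some platform or locale.
# U+00A5 (yen) and U+20A9 (won) are included because the issue thread notes
# they stand in for the backslash on Japanese and Korean Windows.
SEPARATOR_CHARS = frozenset({"/", "\\", "\u00a5", "\u20a9"})


def is_safe_file_name(name: str) -> bool:
    """Reject any name that could change directory or break the path:
    empty, '.', '..', an embedded NUL, or any separator character."""
    if name in ("", ".", ".."):
        return False
    if "\x00" in name:
        return False
    return not any(ch in SEPARATOR_CHARS for ch in name)


def unsafe_target(files_dir: Path, name: str) -> Path:
    """The pattern the issue describes: the name is joined onto files_dir
    with no check, so '../' segments walk out of the directory.
    Kept here only to show the escape; do not use."""
    return Path(os.path.normpath(files_dir / name))


def safe_target(files_dir: Path, name: str) -> Optional[Path]:
    """Hardened form: validate the name, then resolve the full path and
    require that its parent is exactly files_dir. Returns None on reject."""
    if not is_safe_file_name(name):
        return None
    base = files_dir.resolve()
    target = (base / name).resolve()
    if target.parent != base:  # symlink or other trick moved us elsewhere
        return None
    return target


def demo() -> dict:
    """Constructed scenario: a temporary files directory and a traversal
    name. Returns which behaviours were observed."""
    with tempfile.TemporaryDirectory() as tmp:
        files_dir = Path(tmp) / "files"
        files_dir.mkdir()
        attacker_name = "../../.bashrc"  # constructed attacker input
        escaped = unsafe_target(files_dir, attacker_name)
        return {
            # the unchecked join lands outside files_dir
            "unsafe_escapes": files_dir not in escaped.parents,
            # the hardened path rejects the same input
            "safe_rejects": safe_target(files_dir, attacker_name) is None,
            # and still accepts an ordinary name
            "safe_accepts": safe_target(files_dir, "notes.txt")
            == files_dir.resolve() / "notes.txt",
        }


if __name__ == "__main__":
    print(demo())
```

The name check alone would have stopped the renaming trick shown in the screenshots; the `target.parent != base` check is what protects the write path itself, so it belongs wherever the program finally opens the file, not only in the UI that validates the name.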