Search found 2 matches
- Thu May 25, 2023 12:26 pm
- Forum: Bug report
- Topic: Vulnerability on Everything HTTP server (directory traversal)
- Replies: 3
- Views: 7584
Thank you for the quick response to the request. Unfortunately, this did not completely solve the problem.
It is still possible to get access via other characters. Example:
[EverythingURL]/%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./windows/win.ini
- Tue May 09, 2023 9:24 am
- Forum: Bug report
- Topic: Vulnerability on Everything HTTP server (directory traversal)
- Replies: 3
- Views: 7584
Vulnerability on Everything HTTP server (directory traversal)
Everything version 1.5.0.1345a
A critical vulnerability exists when using the Everything HTTP server.
The web server allows directory traversal. (Web Server Directory Traversal Arbitrary File Access)
Example: [EverythingURL]/%80../%80../%80../%80../%80../%80../windows/win.ini (Access allowed)
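Both request paths reported in this thread contain bytes that are not well-formed UTF-8 (`%80` is a lone continuation byte, `%c0` cannot start a valid sequence). The following is an added example, not Everything's code and not part of the posts: a request-path check that rejects such input and then confines the canonical path to the served directory. `ROOT`, `lossy_decode` and `resolve_request_path` are hypothetical names, and how Everything itself decodes paths is not stated in the thread.

```python
import ntpath  # Windows path rules, usable on any OS
from urllib.parse import unquote_to_bytes

ROOT = "C:\\srv\\share"  # hypothetical served directory (assumption)


def lossy_decode(raw_path):
    """Hazard illustration: invalid bytes silently dropped during decoding."""
    return unquote_to_bytes(raw_path).decode("utf-8", errors="ignore")


def resolve_request_path(raw_path, root=ROOT):
    """Map a URL path to a file under root; return None when rejected."""
    data = unquote_to_bytes(raw_path)  # percent-decode exactly once
    try:
        text = data.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None  # %80, %c0 and overlong forms such as %c0%ae stop here
    if "\x00" in text:
        return None
    # Treat both separators alike, then inspect every segment.
    parts = [p for p in text.replace("\\", "/").split("/") if p not in ("", ".")]
    if any(p == ".." or ":" in p for p in parts):
        return None  # parent references, drive letters, stream names
    base = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(base, *parts))
    # Containment check on the canonical form, independent of the filters above.
    if ntpath.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests; the two traversal forms are shortened
    # versions of the paths quoted in the thread.
    for sample in ("/docs/readme.txt",
                   "/%80../%80../windows/win.ini",
                   "/%c0.%c0./%c0.%c0./windows/win.ini"):
        print(sample, "->", resolve_request_path(sample))
```

`lossy_decode` shows why a `..` filter applied before a forgiving decoder is not enough: once the invalid bytes are dropped, both reported forms collapse to plain `..` segments.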