0 votes
1 answer
70 views

I was playing a CTF which was about path traversal. The server code was like below: import flask import os app = flask.Flask(__name__) @app.route("/docs/<path:path>", methods=["...
Amir reza Riahi
0 votes
1 answer
93 views

I am doing a REST API in Java (although this question may apply to other languages) where I create several local files and directories, and they can be deleted based on input. I manage my files in a ...
coriuser
1 vote
0 answers
134 views

I recently found a path traversal vulnerability in my NestJS application. I had a download middleware that would take the filename from the URL: async use(req: Request, res: Response) { const ...
André
  • 2,068
-4 votes
1 answer
192 views

I'm looking for a way to prevent directory traversal attacks, specifically those involving the ../ pattern in file paths, at the Java Runtime Environment (JRE) level. My goal is to ensure that such ...
Sakthis
1 vote
0 answers
657 views

I'm trying to fix Path Traversal Vulnerability raised by Gitlab SAST in the Java Source code. There is a scenario where I am creating a file object by passing in an Input string. Then creating a file ...
Poonam
  • 21
0 votes
0 answers
347 views

Below is an image consisting of lines of code that represent uploading a file(s) in Node.js (Koa framework). It is working fine. But one vulnerability arises from the line "const readStream = fs....
Partha Chowdhury
1 vote
1 answer
4k views

The concept of path traversal is new to me. I would like some guidance please. In my project I have the following line of code: uploadimg.SaveAs(Server.MapPath("tempfiles/" + fUIName)); ...
Amit Kaushal
1 vote
0 answers
2k views

I have a system where a user can upload a file. I want to throw an exception in case the filename contains sensitive characters like "../", etc. (to avoid Path Traversal vulnerability: "...
rons1
  • 31
0 votes
1 answer
98 views

I have a dynamic form that is nested; the form is to describe an overhead gantry crane. So the structure looks like this: let equipmentInfo = { bridges:[{ trolleys:[{ hoists:[{ ...
TaW
  • 61
0 votes
1 answer
4k views

We are trying to fix some issues reported by Checkmarx. I have to say Stored xxx serial issues are hard to find a solution for. About this one, we have the following code PreparedStatement ps = conn....
Vincent Chen
0 votes
1 answer
103 views

https://security.openstack.org/guidelines/dg_using-file-paths.html If I try to run the given code from the above link: import os def is_safe_path(basedir, path, follow_symlinks=True): # resolves ...
Phillmac
  • 129
3 votes
1 answer
10k views

I already tried these solutions Does my code prevent directory traversal in C#? Is Path Traversal Vulnerabilities possible in my below code? How to prevent Path Traversal in .NET How to avoid ...
gaurav bhavsar
1 vote
1 answer
889 views

How could I solve this problem in that code. I've tried some approaches, but I couldn't pass the checkmarx test (system used to perform the scan) FinalUploadFolder comes from the WebConfig file, which ...
AllPower
  • 195
5 votes
2 answers
15k views

I am facing path traversal vulnerability while analyzing code through checkmarx. I am fetching path with below code: String path = System.getenv(variableName); and "path" variable value is ...
dev29
  • 51
3 votes
1 answer
6k views

I'm trying to understand how to deal (in a secure way) with Path Traversal. For example an application receives from a client a file name via REST API in JSON, looks for it in the non-accessible (by ...
cobofe
  • 33
2 votes
2 answers
8k views

Background I am attempting to perform a path traversal attack on a vulnerable service hosted in IIS. The service is something like this: GET /api/download/{file-name} The underlying code is something ...
srk
  • 1,971
0 votes
1 answer
158 views

There are a lot of rectangles; each one will have lower left and upper right coordinates. And they are either overlapping (fully or partially) or touching at least one edge with another one. Am looking ...
learning_math
0 votes
0 answers
2k views

How to fix this code so that it does not accuse this type of vulnerability? I'm using checkmarx to scan, and he encountered this problem when downloading a file Error reported by checkmarx: Method ...
AllPower
  • 195
1 vote
1 answer
1k views

Security-wise, if I receive parts of the path from the user, do I need to sanitize them? Oversimplified example (in Python): from azure.storage.blob import BlobServiceClient client = BlobServiceClient....
Bharel
  • 27.5k
-4 votes
1 answer
303 views

I have a download function receiving the filename by $_GET and I want to prevent users from downloading other files by changing the path and accessing other files in the system. method: function ...
André Walker
1 vote
1 answer
75 views

Trying to implement Dijkstra's via the instructions in this article: https://medium.com/@adriennetjohnson/a-walkthrough-of-dijkstras-algorithm-in-javascript-e94b74192026 My repl below: https://repl.it/...
KamiWar
  • 51
0 votes
0 answers
252 views

I was reading about testing against directory traversal on this website: https://wiki.owasp.org/index.php/Testing_Directory_traversal/file_include_(OTG-AUTHZ-001) And at the end it says Testing ...
Awkjand
  • 11
2 votes
1 answer
4k views

Recently I wanted to automate an attack for a web app that is prone to path traversal attacks (NVMS1000) via the Python requests module. The request works perfectly with curl by using the option path-as-...
Julian12
1 vote
1 answer
1k views

So I have been given the task of fixing a path traversal problem in a basic Java web app, but I am quite stuck. We are meant to essentially make sure the code is secure, while maintaining ...
ismaeel ali
0 votes
1 answer
177 views

I have Processmaker 3.1.3 running on a RHEL-7 server. But recently I found that the server is vulnerable to a path traversal attack. The entire application is running through the file App.php into ...
Shobuj
  • 47
0 votes
3 answers
504 views

I'm about to program a file parser which is operating in a directory tree structure. Once I find a specific leaf directory I want to go through all directories which the path consists of and do some ...
adob
  • 3
0 votes
0 answers
501 views

I'm testing if my application is prone to path traversal attacks, but when browsing to localhost/browser/../123/456.txt Chrome automatically converts the URL to localhost/browser/123/456.txt. How can ...
Woask
  • 69
3 votes
2 answers
1k views

Security Scan SCS0018 Warnings in Visual Studio are shown during the build. Currently, I am working on getting these warnings removed. I tried several MSDN sites but no luck. I have also read OWASP but ...
Binod
  • 313
0 votes
1 answer
5k views

I work with developing and pre-production IIS servers to publish and test the web applications we develop. Some Ethical Hacking consultant came and warned us about a vulnerability they found in some ...
Jose Sansuste
0 votes
1 answer
2k views

I'm running OWASP ZAP as part of an automated CI/CD process. I am doing a spider and active scan. The report showed that there is a Path Traversal error. First, this is an Angular 2 site so there ...
MikeDouglasDev
0 votes
1 answer
2k views

I'm building a webservice where users can upload zipfiles that get unzipped and saved to our server. I created the following function to open a file in a specified path: private File ...
rmeertens
  • 4,461
0 votes
1 answer
1k views

A penetration test using OWASP Zap is finding a number of Path Traversal 'vulnerabilities' but either the report isn't telling me the whole story, or they seem perfectly safe to me. Eg: URL: http://[...
Steve Owen
  • 2,091
0 votes
2 answers
856 views

I ran the IBM AppScan tool on a VB.Net source. I am getting one security issue in the File.Copy method under the Path Traversal category. Issue Detail - Vulnerability Type - PathTraversal This API accepts a ...
Deepak
  • 1
0 votes
1 answer
2k views

I was testing a web application with ZAP and it reports a path traversal vulnerability. I understand how it works (at least, I think so), so I reviewed the code, tested the URLs, but I could not ...
JonDoe297
  • 1,721
22 votes
2 answers
18k views

Are there any standard library methods that can filter out paths which include special traversal sequences, such as ../ and all other convoluted forms of upwards directory traversal, to safeguard a ...
matanox
  • 13.9k
1 vote
2 answers
2k views

I've got two issues sonar is sad about. First one in a line of code with relative path traversal issue which looks like this: File f = new File(MY_DIR + filename); Where filename is a parameter I'...
Anton Zvonovsky
1 vote
1 answer
349 views

I am trying to get my node to travel along the path of a circle, and at the same time have THAT circle travel along the path of a rectangle. Is it possible? This is what I have so far: void move(...
Jeremiah Jacobson
51 votes
3 answers
63k views

I have a Java server implementation (TFTP if it matters to you) and I'd like to ensure that it's not susceptible to path traversal attacks allowing access to files and locations that shouldn't be ...
Rob Oxspring
  • 2,975