Path Traversal in kalcaddle/kodexplorer
Jun 13th 2021
KodExplorer is a web-based file manager and browser-based IDE/code editor. I discovered that any user can upload a symbolic link and then open it through the file manager, and KodExplorer follows the link and displays the target. This lets the user read arbitrary files on the server, which is a Path Traversal vulnerability.
🕵️‍♂️ Proof of Concept
- Create a symbolic link pointing at a file outside your storage directory with the following command
ln -s /etc/passwd test
- Upload that link as any user (an ordinary, unprivileged account is enough).
- Open and view the uploaded file: the contents of the system passwd file are displayed instead of the uploaded file.
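The following Python script is an added example and not part of the report or of KodExplorer's own code base. It models the behaviour the steps above describe and the check that prevents it: `unsafe_read` is a naive "open whatever is in the user's directory" read that follows the link, and `safe_read` is a hardened reader that refuses symbolic links and confirms the canonical path still lies under the storage root. To keep it self-contained and portable, it uses a constructed stand-in file for `/etc/passwd` in a second temporary directory rather than the real system file; the storage-root layout, the function names and the `O_NOFOLLOW` open are assumptions, not KodExplorer's API. Note that a plain multipart upload carries the link target's bytes rather than the link itself, so for the report's steps to work the link has to reach the server as a link; the example sidesteps that by creating the symlink directly inside the storage root.

```python
import os
import tempfile
from pathlib import Path


def unsafe_read(storage_root: str, relative_name: str) -> bytes:
    """Naive read modelled on the reported behaviour: open() follows symlinks,
    so a link named `test` that points at /etc/passwd returns /etc/passwd."""
    with open(os.path.join(storage_root, relative_name), "rb") as fh:
        return fh.read()


def safe_read(storage_root: str, relative_name: str) -> bytes:
    """Read a user's file while refusing symlinks and paths that escape the root.

    storage_root: the per-user upload directory (hypothetical layout, not KodExplorer's)
    relative_name: the name the user asked to open, e.g. "test"
    Raises PermissionError instead of serving anything outside storage_root.
    """
    root = os.path.realpath(storage_root)
    candidate = os.path.join(root, relative_name)

    # 1. Reject symlinks outright, even ones whose target is currently inside the
    #    root: the uploader controls the target and can repoint it later.
    if os.path.islink(candidate):
        raise PermissionError(f"refusing to follow symlink: {relative_name}")

    # 2. Canonicalise and confirm the result is still under the storage root.
    #    This also catches "../" traversal and symlinked parent directories.
    real = os.path.realpath(candidate)
    if os.path.commonpath([root, real]) != root:
        raise PermissionError(f"path escapes storage root: {relative_name}")

    # 3. Open without following a symlink in the final component, so a link swapped
    #    in between the checks above and this open (TOCTOU) fails instead of leaking.
    #    O_NOFOLLOW is POSIX-only; on platforms without it we fall back to a plain open.
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(real, flags)
    with os.fdopen(fd, "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Reproduce the report's PoC against a temporary storage root and return
    what each reader did. Both directories and the 'passwd' file are constructed."""
    outcome = {}
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as root:
        # Constructed stand-in for /etc/passwd, deliberately outside the storage root.
        secret = Path(outside, "passwd")
        secret.write_bytes(b"root:x:0:0:root:/root:/bin/bash\n")

        # A legitimate upload, and the report's `ln -s /etc/passwd test`.
        Path(root, "notes.txt").write_bytes(b"hello\n")
        os.symlink(str(secret), os.path.join(root, "test"))

        # The naive reader leaks the target's contents through the link.
        outcome["naive_leaks"] = unsafe_read(root, "test") == secret.read_bytes()

        # The hardened reader still serves ordinary files...
        outcome["regular_file_ok"] = safe_read(root, "notes.txt") == b"hello\n"

        # ...but blocks the symlink and a classic "../" escape to the same file.
        traversal = os.path.join("..", os.path.basename(outside), "passwd")
        for label, name in (("symlink", "test"), ("traversal", traversal)):
            try:
                safe_read(root, name)
                outcome[label] = "served"
            except PermissionError:
                outcome[label] = "blocked"
    return outcome


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The symlink rejection in step 1 is the part that matters for this report; the containment check in step 2 and the `O_NOFOLLOW` open in step 3 are what turn a one-off fix into a general guard, since a link inside a parent directory, a `../` name, or a link swapped in after the check would otherwise reach the same target.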
Impact: any user can read any file on the server that the web server process is allowed to read, simply by uploading a symbolic link to it.
Suggested fix: detect and unlink (or reject) symbolic links during file upload, and resolve the real path of a file before serving it so that it cannot point outside the user's storage directory.