Highest Voted 'path-traversal' Questions

0

votes

0 answers

Path Traversal Issue Fix in Nodejs

Below is the image consist of lines of code that represents uploading a file(s) in nodejs (koa framework). It is working fine. But one vulnerability arises from the line "const readStream = fs.createReadStream(file.filepath);" in Veracode portal. I…

node.js koa path-traversal

asked Nov 28 '22 at 06:38

Partha Chowdhury

33
2
11

0

votes

0 answers

How to avoid path traversal issue in Python 3.6

We have the below piece of code in a python script, and the Checkmarx code scanning tool threw a warning. Method process_input at line 89 of abcd.py gets dynamic data from the argv element. This element’s value then flows through the code and is…

python-3.x arguments checkmarx path-traversal

asked Jul 26 '22 at 19:56

adusur

1
2

0

votes

0 answers

Validate String in Java To Avoid Path Traversal

I have a system where user can upload file. I want to throw an exception in case the filename is contains sensitive characters like "../", etc. (to avoid Path Traversal vulnerability: "file/../../file.txt"). I have the code String originalFilename =…

java validation secure-coding string-utils path-traversal

asked Feb 21 '22 at 17:19

rons1

21
2

0

votes

1 answer

Traverse an object of arrays, for a nested form

I have a dynamic form, that is nested, the form is to describe an overhead gantry crane. so the structure looks like this: let equipmentInfo = { bridges:[{ trolleys:[{ hoists:[{ }] }] }] } I have a function…

arrays reactjs path-traversal

asked Jan 19 '22 at 18:57

TaW

61
6

0

votes

1 answer

checkmarx stored absolute path traversal

We are trying to fix some issue reported by checkmarx, I have to say Stored xxx serial issue are hard to find a solution. About this one, We have following code PreparedStatement ps = conn.prepareStatement(sql); ResultSet rs = ps.executeQuery(); if…

java checkmarx secure-coding path-traversal sast

asked Jun 29 '21 at 03:42

Vincent Chen

245
2
6
13

0

votes

1 answer

Openstack path traversal guidelines docs has a broken example. What went wrong?

https://security.openstack.org/guidelines/dg_using-file-paths.html If I try to run the given code from the above link: import os def is_safe_path(basedir, path, follow_symlinks=True): # resolves symbolic links if follow_symlinks: …

python openstack path-traversal

asked Jun 20 '21 at 06:33

Phillmac

109
7

0

votes

1 answer

Given the cordinates of rectangles, connect them to make path from start to end

There are lot of rectangles ; each one will have lower left and upper right co-ordinates. And they are either overlapping (fully or partially ) or touching at-least one edge with other one. Am looking for how to come up with a trace from start to…

algorithm graph-theory computational-geometry path-finding path-traversal

asked Dec 24 '20 at 18:29

learning_math

21
1

0

votes

0 answers

Fixing Path_traversel when downloading a file

How to fix this code so that it does not accuse this type of vulnerability? I'm using checkmarx to scan, and he encountered this problem when downloading a file Error reported by checkmarx: Method Index at line 13…

c# asp.net-mvc security path-traversal

asked Nov 20 '20 at 05:53

AllPower

175
1
4
16

0

votes

1 answer

Does Azure storage allow path traversal?

Security-wise, if I receive parts of the path from the user, do I need to sanitize them? Oversimplified example (in Python): from azure.storage.blob import BlobServiceClient client = BlobServiceClient.from_connection_string("") container…

azure azure-blob-storage path-traversal

asked Sep 16 '20 at 22:58

Bharel

23,672
5
40
80

0

votes

0 answers

Testing against directory traversal

I was reading about testing against directory traversal on this website: https://wiki.owasp.org/index.php/Testing_Directory_traversal/file_include_(OTG-AUTHZ-001) And at the end it says Testing for the flaw is achieved…

java url path path-traversal

asked May 26 '20 at 12:50

Awkjand

11
2

0

votes

1 answer

Processmaker 3.* Path Traversal Issue

I have Processmaker 3.1.3 running into an RHEL-7 server. But recently I found that the server is vulnerable by path traversal attack. The entire application is running through the file App.php into the $App_Dir/workflow/public_html directory…

php security processmaker path-traversal

asked Sep 02 '19 at 20:35

Shobuj

47
1
7

0

votes

3 answers

How to traverse directories a path consists of in BASH

I'm about to program a file parser which is operating in a directory tree structure. Once I find a specific leaf directory I want to go through all directories which the path consists of and do some operations within them. Let's say the path is:…

bash shell find directory-traversal path-traversal

asked May 13 '19 at 16:07

adob

3
3

0

votes

0 answers

How to stop Google Chrome from removing ../ from the requested URL?

I'm testing if my application is prone to path traversal attacks, but when browsing to localhost/browser/../123/456.txt Chrome automatically converts the URL to localhost/browser/123/456.txt. How can I prevent Google Chrome from removing the ../…

google-chrome path-traversal

asked Mar 01 '19 at 14:47

Woask

59
1
9

0

votes

1 answer

How to fix aspx?Dir=http://externalwebsite.com IIS 8.5 vulnerability

I work with developing and pre-production IIS servers to publish and test the web applications we develop. Some Ethical Hacking consultant came and warned us about a vulnerability they found in some of our…

security exploit iis-8.5 directory-traversal path-traversal

asked Feb 20 '18 at 13:49

Jose Sansuste

1
1
2

0

votes

1 answer

ZAP seems to incorrectly report path traversal vulnerability in Angular app

I'm running OWASP ZAP as part of an automated CI/CD process. I am doing a spider and active scan. The report showed that there is a Path Traversal error. First, this is an Angular 2 site so there wouldn't be anything revealed on the server. …

angular security owasp zap path-traversal

asked Jul 05 '17 at 16:44

MikeDouglasDev

1,331
10
22

Questions tagged [path-traversal]