Summary:
In the find_by_file function at line 195, the file path is not strictly validated, allowing directory traversal via the ../../ characters. This vulnerability enables attackers to access arbitrary files, such as /etc/passwd.
Vulnerability Type
Directory Traversal
Affected Version
JSFinder commit d70ab9b
Attack Type
Local
Reproduction Steps
Enter the JSFinder directory and install the necessary Python dependencies, such as BeautifulSoup, urllib3, and requests.
Run the following command in the test directory to exploit the vulnerability and access the /etc/passwd file: python3 JSFinder.py -f ../../../../etc/passwd. For Windows users, you can replace other files within the program, such as ../../../../win.ini, to demonstrate file access on the Windows system.
Mitigation
Path Normalization
Use os.path.abspath() to resolve absolute paths
Prevent directory traversal with os.path.commonpath()
Reference
http://jsfinder.com/
https://github.com/Threezh1/JSFinder
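The two mitigation steps above combined into one containment check, as an added example that is not JSFinder's code or the reporter's. The names `resolve_inside`, `read_input_file` and the throwaway base directory are hypothetical, and `os.path.realpath()` is used in place of `os.path.abspath()` so that symlinks are resolved before the `os.path.commonpath()` comparison.

```python
import os
import tempfile


class PathOutsideBaseError(ValueError):
    """Raised when a user-supplied path resolves outside the allowed directory."""


def resolve_inside(base_dir, user_path):
    """Hypothetical helper (not a JSFinder function): resolve or reject a path."""
    base = os.path.realpath(base_dir)
    # Joining first interprets a relative "../../x" against base; an absolute
    # user_path replaces base entirely and is caught by the comparison below.
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:
        # Raised on Windows when the two paths are on different drives.
        inside = False
    if not inside:
        raise PathOutsideBaseError(f"{user_path!r} resolves outside {base!r}")
    return candidate


def read_input_file(base_dir, user_path):
    """Open the file only after the containment check has passed."""
    with open(resolve_inside(base_dir, user_path), encoding="utf-8") as fh:
        return fh.read()


def demo():
    """Run the check over constructed inputs in a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        with open(os.path.join(base, "page.html"), "w", encoding="utf-8") as fh:
            fh.write("<script src='app.js'></script>")  # constructed sample
        for name in ("page.html", "sub/../page.html",
                     "../../../../etc/passwd", "/etc/passwd"):
            try:
                read_input_file(base, name)
                results[name] = "allowed"
            except PathOutsideBaseError:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:8}  {path}")
```

Comparing with `commonpath()` rather than a string prefix test avoids accepting a sibling directory whose name merely starts with the base directory's name.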