Unauthenticated Path Traversal
# Description
An unauthenticated user can read and download files from the application's filesystem by abusing the `filename` parameter of the `/api/image/cover-upload` endpoint, which is not properly sanitized.
# Proof of Concept
1. Send the following request, where the `filename` parameter carries the relative path of the target file.
```
GET /api/image/cover-upload?filename=
Host: localhost:5000
```
![arbitrary-file-read](https://i.imgur.com/1Wv6vP5.png)
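As an added defensive example (not the affected application's own code), the validation a file-serving handler like this endpoint needs before it opens the file named by the `filename` parameter; `resolve_upload_path`, `is_safe_filename` and the upload root are hypothetical names chosen here:

```python
from pathlib import Path

# Hypothetical hardened resolver for an endpoint that serves a file named by a
# user-controlled query parameter, as /api/image/cover-upload?filename= does.
# The web framework is assumed to have already URL-decoded the parameter, so
# the check runs on the decoded value the filesystem would actually see.

def resolve_upload_path(base_dir: str, filename: str) -> Path:
    """Map a user-supplied filename onto a file strictly inside base_dir.

    Raises ValueError for any input that would leave base_dir, which is the
    condition the traversal proof of concept depends on.
    """
    if not filename or "\x00" in filename:
        raise ValueError("empty or NUL-containing filename")
    # A cover image is referenced by a bare filename, so any path component
    # is suspect: reject forward and backward slashes and the dot entries
    # before the value is ever joined to a path.
    if "/" in filename or "\\" in filename or filename in (".", ".."):
        raise ValueError("filename must not contain path components")
    root = Path(base_dir).resolve()
    candidate = (root / filename).resolve()
    # Defence in depth: after resolving symlinks, the target must still sit
    # directly below the upload root.
    if root not in candidate.parents:
        raise ValueError("resolved path escapes upload directory")
    return candidate


def is_safe_filename(base_dir: str, filename: str) -> bool:
    """True when filename resolves inside base_dir, False otherwise."""
    try:
        resolve_upload_path(base_dir, filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name and three traversal shapes.
    for name in ("cover.png", "../../etc/passwd", "/etc/passwd", "..\\..\\x"):
        print(f"{name!r}: {'allowed' if is_safe_filename('uploads', name) else 'rejected'}")
```

Rejecting a request is only half of the fix; log the rejected value as well, since a burst of such requests against this endpoint is the detection signal for the behaviour shown in the proof of concept.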