We do have this documented here but as noted in Issue #169... it's categorized or co-mingled with another vuln in a weird way (demonstrating LFI/Traversal via metaprogramming). Although it's kind of a duplicate issue, do appreciate you sending this in 👍
Oh no, it's not your fault, we didn't have it listed in Rails 5 (what master is at) and also, the issue is 3 years old so I should have fixed this by now. If anything, you reminded us (and me, specifically) that it's important this is fixed. So... thanks 😄
The vulnerability can be exploited at this URL:
http://localhost:3000/download?name=public%2Fdocs%2FHealth_n_Stuff.pdf&type=File
If the 'name' parameter's value is changed to "/etc/passwd", the file is downloaded.
This issue was flagged by Brakeman scanner. The vulnerable code is present at line 11 of
railsgoat/app/controllers/benefit_forms_controller.rb
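An added example, not part of this issue thread or of RailsGoat's code: one way a download action can confine the `name` value to a single documents directory before sending anything. The helper name `resolve_download`, the `public/docs` base and the temporary fixture files are assumptions made for the sketch.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Hypothetical helper: map a user-supplied name to a real file inside
# base_dir, or return nil. The file class is fixed here, never chosen
# from a request parameter.
def resolve_download(base_dir, name)
  return nil unless name.is_a?(String) && !name.empty? && !name.include?("\0")

  base = Pathname.new(base_dir).realpath
  # Pathname#join returns an absolute argument unchanged, so "/etc/passwd"
  # escapes here; the containment check below is what rejects it.
  real = base.join(name).realpath # resolves "..", symlinks; raises if missing
  return nil unless real.file?
  return nil unless real.to_s.start_with?(base.to_s + File::SEPARATOR)

  real.to_s
rescue SystemCallError
  nil
end

# Constructed fixture: a temporary tree standing in for the app directory.
def demo
  Dir.mktmpdir do |root|
    docs = File.join(root, "public", "docs")
    FileUtils.mkdir_p(docs)
    File.write(File.join(docs, "Health_n_Stuff.pdf"), "constructed sample")
    File.write(File.join(root, "secret.txt"), "constructed secret")
    File.symlink(File.join(root, "secret.txt"), File.join(docs, "link.pdf"))

    names = ["Health_n_Stuff.pdf", "/etc/passwd", "../../secret.txt", "link.pdf", ""]
    names.to_h { |n| [n, !resolve_download(docs, n).nil?] }
  end
end

demo.each { |name, ok| puts "#{name.inspect}: #{ok ? 'served' : 'rejected'}" } if __FILE__ == $0
```

In a controller, only a non-nil result would be handed to `send_file`; every other request gets the same generic error response.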