|
|
|
|
|
|
by magicalhippo
1087 days ago
|
|
|
There is a LFI vulnerability because: /imgs../flag.txt
Transforms to: /path/images/../flag.txt
I've only implemented a handful of HTTP servers for fun, but I've always resolved relative paths and constrained them. So I'd turn "/path/images/../flag.txt" into "/path/flag.txt", which would not start with the root "/path/images/" and hence denied without further checks.Am I wrong, or, why doesn't nginx do this? |
|
|