Title: Path Traversal in Socket.io-file NPM moduleDate: 18/05/2020CVE-ID: 2020-15779Advisory: https://www.npmjs.com/advisories/1519Author: Thomas SermpinisVersions: <= 2.0.31Package URL: https://www.npmjs.com/package/socket.io-fileTested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: https://www.exploit-db.com/exploits/48713 During one of my penetration tests for a local military equipment supplier, I faced a web application running on an embedded device that used web sockets in order to […]
Auxilium Pentest Labs Blog