Skip to content

Latest commit

 

History

History

directory_traversal

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
assets
assets
 
 
img
img
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
access.log_sample
access.log_sample
 
 
compose.yaml
compose.yaml
 
 
index.html
index.html
 
 
nginx.conf
nginx.conf
 
 

README.md

Nginx alias traversal demo

un license

INDEX

ABOUT

Nginx alias traversal.

Note

In the pattern where this location is used in combination with alias, a critical vulnerability arises when two conditions are met:

  1. no trailing slash at the end of the URL specified in the location
  2. a trailing slash at the end of the path specified in the alias
# correct nginx.conf settings
location /good/ {
  alias /var/img/;
}

# vulnerble nginx.conf settings

location /bad {
  alias /var/img/;
}

ENVIRONMENT

nginx 1.25.5

see Dockerfile

PREPARING

cd directory_traversal/
docker compose up

HOW TO USE

After the Docker container run, go to localhost:82. start

  1. http://localhost/good/cat.png is correct nginx.conf settings. You can see the image file. good-settings
  2. http://localhost:82/bad../log/nginx/access.log_sample is vulnerable. You can get access.log_sample success

REFERENCE