Ianproxy Directory Traversal Vulnerability Allowing Arbitrary File Read
Vulnerability
A directory traversal vulnerability has been identified in Ianproxy versions through 0.1. This vulnerability allows remote attackers to read arbitrary files, potentially leading to the exposure of sensitive information. The issue arises from improper handling of file paths, particularly on Windows servers, where the traversal can bypass certain security measures.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive files on the server, including configuration files that may contain critical application or system information.
Reproduction
To reproduce this vulnerability, send a crafted HTTP GET request that includes a directory traversal payload. The payload should navigate up the directory structure and access a file such as 'config.properties' within the 'conf' directory. This can be done by encoding the traversal characters and including them in the request path. The server response should reveal the contents of the requested file, demonstrating the successful exploitation of the directory traversal vulnerability.
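The path handling that prevents this class of bug, as an added example that is not the project's own code: the request path is fully decoded, backslashes are treated as separators (as Windows does), parent references are rejected, and the result must stay inside the document root. `WEB_ROOT` and `resolve_request_path` are hypothetical names, and the sample requests in the comments are constructed.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/opt/proxy/webpages"  # assumed document root (hypothetical)


def resolve_request_path(raw_path, web_root=WEB_ROOT, max_decode=3):
    """Return the file path to serve, or None if the request must be rejected."""
    path = raw_path.split("?", 1)[0]  # drop the query string

    # Decode until stable so double-encoded input (%252e) is checked in its
    # final form; refuse anything still changing after max_decode rounds.
    for _ in range(max_decode):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None

    if "\x00" in path:
        return None

    # Windows accepts '\' as a separator, so normalise it before splitting.
    path = path.replace("\\", "/")
    segments = [s for s in path.split("/") if s not in ("", ".")]

    for seg in segments:
        # Reject '..' and dot/space-only names (Windows strips trailing dots
        # and spaces), plus ':' (drive letters, alternate data streams).
        if seg.strip(" .") == "" or ":" in seg:
            return None

    # Containment check: the joined path must remain under the root.
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, two traversal attempts.
    for p in ["/index.html", "/%2e%2e/conf/config.properties",
              "/..%5cconf%5cconfig.properties"]:
        print(p, "->", resolve_request_path(p))
```

A production server should additionally resolve symlinks (for example with `os.path.realpath`) before the containment check.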
