Post little thoughts, jokes, news, etc. that don't necessarily warrant having their own thread.
Name: Anonymous 2018-10-20 20:21
you've heard of off-by-one errors, but have you ever heard of an off-by-slash error? https://twitter.com/x0rz/status/1052899891624710145 basically allows for path traversal because of a shitty alias in a boomer tier web server that is unfortunately widely used
Name: Anonymous 2018-10-20 21:30
>>179 Funny, you remind me I have to change:
location /dir/ { alias /path/dir/; }
to
location /dir { alias /path/dir/; }
Otherwise a URL without the trailing slash gives a 404. Just did it and I can't exploit that off-by-slash. If I try to go to http://host/dir/../somefiles I'm routed to http://host
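A configuration check for the alias pattern this thread is about, as an added example that is not part of either post: it flags nginx prefix `location` blocks whose path has no trailing slash while the `alias` target has one. The regex-based parsing, the function names and the sample config are constructed here; nested blocks inside a location are not handled.

```python
import re

# Prefix locations only (no modifier, or ^~) with no nested blocks.
# Regex (~, ~*), exact (=) and named (@) locations are skipped because
# they are not plain prefix matches.
LOCATION_RE = re.compile(r"location\s+(?:\^~\s+)?(?![=~^@])(\S+)\s*\{([^{}]*)\}")
ALIAS_RE = re.compile(r"(?<![\w-])alias\s+([^;]+);")

# Constructed sample: the two location forms quoted in the post above,
# plus a regex location that the check ignores.
SAMPLE = r"""
server {
    location /dir/ { alias /path/dir/; }    # prefix and alias both end in "/"
    location /dir  { alias /path/dir/; }    # prefix has no trailing "/"
    location ~ \.php$ { alias /srv/php/; }  # regex location, not checked
}
"""


def strip_comments(conf):
    """Remove '#' comments (simplification: '#' inside quotes is not handled)."""
    return re.sub(r"#[^\n]*", "", conf)


def find_off_by_slash(conf):
    """Return (location_prefix, alias_target) pairs where the prefix lacks a
    trailing slash but the alias target ends with one."""
    findings = []
    for loc in LOCATION_RE.finditer(strip_comments(conf)):
        prefix, body = loc.group(1), loc.group(2)
        alias = ALIAS_RE.search(body)
        if alias is None:
            continue
        target = alias.group(1).strip().strip("\"'")
        # A prefix match does not stop at a path-segment boundary, so the
        # slashes on the two sides have to agree.
        if not prefix.endswith("/") and target.endswith("/"):
            findings.append((prefix, target))
    return findings


if __name__ == "__main__":
    for prefix, target in find_off_by_slash(SAMPLE):
        print(f"mismatched slash: location {prefix} -> alias {target}")
```

A flagged block is fixed by making the trailing slashes agree on both the `location` prefix and the `alias` target.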