Help finding vulnerabilities in this code


This topic contains 1 reply, has 1 voice, and was last updated by nesquil 3 months, 3 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #268

    nesquil
    Participant

    Hello,
    I am undergoing a skills aptitude test and need some help.
    This is the code I was provided:

    fn get_doc(fileName: String) -> String {
        let fileName = "./Documents".to_string() + &fileName;
        let fileName = str::replace(&fileName, "./", "//");
        let fileName = str::replace(&fileName, "..//", "");
    

    I have deduced that this is written with Rust because of how the function is declared, but when looking up str::replace(), this appears to be written with Kirby (but it's not). Hastebin saves it as a JavaScript file, but this isn't how JavaScript declares functions. What language is this?
    Moving on, trying to pick this apart to find the vulnerabilities. The first line of the get_doc() function appends the contents of fileName to the directory making this file path: workingDirectory/Documents/fileName
    The next two lines are presumably input sanitizing, removing parent directory path calls and changing them to working directory calls.
    Possibly there is a vulnerability using the escape character to bypass input sanitation? If so, I cannot think of how to conduct a proof of concept for this.

    Do you know what the language is? Do you see any vulnerabilities in this code? Is this client-side or server-side?

    #269

    nesquil
    Participant

    I would like to add that I consider this method to be vulnerable to Directory Traversal. Now I just need to think of an input that would result in unexpected output. In addition, the code doesn't do any input sanitation for file types, so a user could exploit this method for accessing documents or executing malicious scripts. In addition, a user could enter a blank input and this would run the Documents script. Am I correct?

    • This reply was modified 3 months, 3 weeks ago by nesquil. Reason: Added another attack vector
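For comparison with the substring replacements in the posted get_doc, an added example (not part of the original posts or of the test the poster was given) of how a Rust file lookup is usually confined to a document directory: the name is parsed into path components instead of being edited as a string, and the resolved file is checked against the base directory. The function names resolve_doc and read_doc and the sample file names are assumptions made for this illustration.

```rust
use std::fs;
use std::io::{Error, ErrorKind, Result};
use std::path::{Component, Path, PathBuf};

fn denied() -> Error {
    Error::new(ErrorKind::PermissionDenied, "path outside document root")
}

// Lexical check: build base/<name> from plain components only.
// Returns None for blank names, "..", absolute paths and drive prefixes.
pub fn resolve_doc(base: &Path, file_name: &str) -> Option<PathBuf> {
    if file_name.contains('\0') {
        return None;
    }
    let mut out = base.to_path_buf();
    let mut pushed = false;
    for comp in Path::new(file_name).components() {
        match comp {
            Component::Normal(part) => {
                out.push(part);
                pushed = true;
            }
            Component::CurDir => {} // "./" adds nothing and is skipped
            _ => return None,       // ParentDir, RootDir, Prefix
        }
    }
    if pushed { Some(out) } else { None }
}

// Filesystem check: once symlinks are resolved, the file must still be
// inside the base directory before it is read.
pub fn read_doc(base: &Path, file_name: &str) -> Result<String> {
    let candidate = resolve_doc(base, file_name).ok_or_else(denied)?;
    let real_base = fs::canonicalize(base)?;
    let real_file = fs::canonicalize(&candidate)?;
    if !real_file.starts_with(&real_base) {
        return Err(denied());
    }
    fs::read_to_string(real_file)
}

fn main() {
    // Constructed sample names, not taken from the thread.
    let base = Path::new("./Documents");
    for name in ["report.txt", "sub/notes.md", "", ".", "../report.txt", "/report.txt"] {
        println!("{:?} -> {:?}", name, resolve_doc(base, name));
    }
}
```

The lexical check alone never touches the disk, so it can run before any file is opened; the canonicalize step covers symlinks inside the document directory that point elsewhere.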