How to prevent absolute path traversal in EasyPHP Webserver 14.1
In the EasyPHP Webserver 14.1 software, there is an Absolute Path Traversal vulnerability in the dashboard index.php page.
https://www.exploit-db.com/exploits/51430
I reviewed the source code and tried to look for the vulnerable code but I could not find it.
The exploit payloads are:
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini
from the Dashboard index.php page, and this one also works:
/index.php/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini
But I am stumped. I could not for the life of me find where the vulnerability is located in the source code. Removing all the lines of code in dashboard/index.php still would not make the vulnerability go away. Download EasyPHP Webserver 14.1 from here: https://www.easyphp.org/download.php. It hasn't been updated for a long time.
This is purely for educational purposes. Could anyone more experienced in source code review point out to me where the vulnerable code is located for this Absolute Path Traversal exploit in EasyPHP Webserver 14.1?
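As an added example (not code from the question or from EasyPHP), here is how a defender can canonicalize request paths and test whether they climb above the web root; it flags the two payloads quoted above, which use %5c, the URL-encoding of the backslash that Windows accepts as a directory separator. The web root path and the benign third request are assumptions.

```python
from posixpath import join as pjoin
from urllib.parse import unquote

# Request paths: the two traversal payloads quoted in the post above plus one
# constructed benign request that stays inside the web root.
SAMPLE_REQUESTS = [
    "/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini",
    "/index.php/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini",
    "/index.php?page=home",  # constructed, benign
]


def _canonical_segments(raw_path: str):
    """Decode a request path the way the Windows file system would end up seeing it.

    Percent-decoding repeats until the string stops changing, so a double-encoded
    separator (%255c -> %5c -> backslash) is caught too. Backslashes (%5c in the
    payloads above) are directory separators on Windows, so they are folded into
    '/'. Yields the individual path segments, including any '..'.
    """
    path = raw_path.split("?", 1)[0]       # the query string is not part of the file path
    decoded = unquote(path)
    while decoded != path:                 # keep decoding until stable
        path, decoded = decoded, unquote(decoded)
    for segment in decoded.replace("\\", "/").split("/"):
        if segment not in ("", "."):
            yield segment


def resolve_under_root(web_root: str, raw_path: str):
    """Return the file path a request maps to inside web_root, or None if the
    request would climb above the root. Depth is tracked with a stack, so a '..'
    that merely backs out of a subdirectory (dashboard/../index.php) is allowed,
    while the first '..' that goes above the root rejects the whole request."""
    stack = []
    for segment in _canonical_segments(raw_path):
        if segment == "..":
            if not stack:                  # attempting to leave the web root
                return None
            stack.pop()
        else:
            stack.append(segment)
    return pjoin(web_root, *stack)


def escapes_web_root(raw_path: str) -> bool:
    """Detection helper for access-log review: True when a request escapes the root."""
    return resolve_under_root("/", raw_path) is None


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        # "C:/EasyPHP/www" is an assumed install path, not taken from the product.
        print(request, "->", resolve_under_root("C:/EasyPHP/www", request))
```

The segment walk deliberately ignores Windows-only quirks such as case-insensitive names and 8.3 short names; it only answers whether the decoded path ever rises above the root.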