Directory Traversal Vulnerability

## Summary:
In the find_by_file function at line 195, the file path is not strictly validated, allowing directory traversal via the ../../ characters. This vulnerability enables attackers to access arbitrary files, such as    /etc/passwd.

## Vulnerability Type
Directory Traversal

##  Affected Version

JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645

## Attack Type
Local

## Reproduction Steps
1. Clone the repository locally using: git clone https://github.com/Threezh1/JSFinder.
![image](https://github.com/user-attachments/assets/a896c4bc-9333-462d-959e-05a0f9c7419f)
3. Enter the JSFinder directory and install the necessary Python dependencies, such as BeautifulSoup, urllib3, and requests.
4. Run the following command in the test directory to exploit the vulnerability and access the /etc/passwd file: python3 JSFinder.py -f ../../../../etc/passwd. For Windows users, you can replace other files within the program, such as ../../../../win.ini, to demonstrate file access on the Windows system.
![image](https://github.com/user-attachments/assets/48011811-8316-4d64-95e7-dc442ef45fa7)

##  Mitigation
- Path Normalization
   Use os.path.abspath() to resolve absolute paths
   Prevent directory traversal with os.path.commonpath()
- Input Validation

## Reference

http://jsfinder.com/
https://github.com/Threezh1/JSFinder


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Directory Traversal Vulnerability #33

Summary:

Vulnerability Type

Affected Version

Attack Type

Reproduction Steps

Mitigation

Reference

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Directory Traversal Vulnerability #33

Description

Summary:

Vulnerability Type

Affected Version

Attack Type

Reproduction Steps

Mitigation

Reference

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions