One of these vulnerabilities is with the
st npm package. This is a module for serving static pages. The issue here is that our sample application is using
firstname.lastname@example.org and this has a directory traversal vulnerability.
This package is used in our application to serve the about page. If you click on the about page you will notice in the address bar that you are taken to
A potential attacker that discovers a resource that is static may attempt to escape by typing
../ to escape the present context and see what else may be available. Fortunately, if done through the web browser this is normalized and the command will not reach the server. However, we can bypass this using the command line. Let's walk through a couple of examples that illustrate how you can accomplish this. From the terminal, we will use
curl to perform a few steps. If we attempt to browse using
../ we will fail because
st will inspect for this and block attempts to list contents using this method.