[CVE-2020-15779] Path Traversal in Socket.io-file NPM module

Title: Path Traversal in Socket.io-file NPM module Date: 18/05/2020 CVE-ID: CVE-2020-15779 Advisory: https://www.npmjs.com/advisories/1519 Author: Thomas Sermpinis (a.k.a. Cr0wTom) Website:¬†https://cr0wsplace.com Versions: <= 2.0.31 Package URL: https://www.npmjs.com/package/socket.io-file Tested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: https://www.exploit-db.com/exploits/48713 During one of my penetration tests for a local military equipment supplier while working for Auxilium Cyber Security, IContinue reading “[CVE-2020-15779] Path Traversal in Socket.io-file NPM module”