The author details a step‑by‑step security assessment of an EDU certificate platform, revealing edge asset discovery, unauthorized .map file leakage, arbitrary file download and upload, path‑traversal flaws, and credential exposure via Bash history, culminating in high‑severity findings.
This article explains the severe risks of file‑path traversal attacks in Go applications, reviews common exploitation techniques, evaluates existing mitigation methods, and demonstrates how the newly introduced os.Root API provides a robust, native solution for securely handling user‑supplied file paths.
This article explains how static resource handling via WebMvc.fn or WebFlux.fn can be exploited for path traversal, lists the affected Spring Framework and Spring Boot versions, and provides mitigation steps such as upgrading, enabling Spring Security HttpFirewall, or switching to Tomcat/Jetty.
The Go net/url package contains a path traversal flaw (CVE-2022-32190) where JoinPath fails to strip "../" segments, allowing attackers to access sensitive files, affecting versions prior to 1.18.6 and 1.19.1, and can be mitigated by upgrading to the patched releases.
This article explains what directory (path) traversal is, demonstrates how attackers can read or write arbitrary files on a server by manipulating file‑path parameters, outlines common bypass techniques, and provides concrete defensive coding practices to mitigate the vulnerability.
