Python tarfile directory traversal
Currently, there’s a lot of hype around the behavior of Python’s tarfile module for extracting archives. In short: tarfile will not sanitize filenames in arc...
I recently came across an nginx server that had a vulnerable alias configuration which allowed anyone to read files outside the intended directory. In the fo...
Write-up of “Tabby” from Hack The Box