Security vulnerabilities

  • Status Closed
  • Assigned To
  • Private
Attached to Project: Security vulnerabilities
Opened by freetb - 15.02.2024
Last edited by cbay - 15.02.2024

FS#32 - Server Path Traversal + Information Disclosure on


I identified a vulnerability in the SSH function of, where the home directory setting is vulnerable to server path traversal.


1. Login to your account and visit

2. Edit the home directory from '/' to '/../../../../../../'

3. Next, save the settings and log in to your SSH shell. Type ls. You'll discover your path has been traversed.

4. Access the /alwaysdata/etc/passwd folder to view the admin superusers. More information on other users is also available throughout the server.

For example:

/var/lib/extrausers/passwd shows all the other registered users on the server.

/usr/lib/python3/dist-packages/fail2ban/tests/files/logs/postfix displays fail2ban logs.

Other interesting files;




Restrict access to any parent directory, other than the container being run.

Closed by  cbay
15.02.2024 11:00
Reason for closing:  Invalid
cbay commented on 15.02.2024 08:44


You don't need to modify your home directory at all to access those files. They are public, readable and don't pose a security threat.

In particular, getting the list of local users (other clients or admins) is not a vulnerability. There's even a well known Unix command, getent, to easily get the full list of accounts.

Kind regards,

Wow. OK, I understand. I doff my hat to the security of this platform. Even the local exploits proved futile.
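
The reply above turns on the fact that a passwd-format file is world-readable by design and carries only account metadata. The following is an added example, not part of the ticket or the platform's own code: it audits such a file for the two conditions that would make it sensitive, a password hash or an empty password in the second field. The sample entries are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a passwd(5)-format file for entries that would make
# its world-readable mode a real disclosure. SAMPLE is constructed data.

SAMPLE='root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
svc_backup:*:1002:1002::/nonexistent:/usr/sbin/nologin
legacy:$6$CONSTRUCTED$notarealhash:1003:1003::/home/legacy:/bin/sh
guest::1004:1004::/home/guest:/bin/sh'

# passwd_findings FILE (hypothetical helper)
# Prints "name:reason" for every entry whose password field is not a plain
# placeholder. "x" means the hash lives in the shadow file; a field made
# only of "*" or "!" means password login is disabled.
passwd_findings() {
    awk -F: '
        /^#/ || NF == 0          { next }                        # comments, blanks
        NF != 7                  { print $1 ":malformed"; next }
        $2 == ""                 { print $1 ":empty-password"; next }
        $2 == "x" || $2 ~ /^[*!]+$/ { next }                     # placeholders
                                 { print $1 ":hash-in-passwd" }  # includes locked "!$6$..."
    ' "$1"
}

# world_readable FILE (hypothetical helper)
# Succeeds when the "other" read bit is set on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Demo run on the constructed sample.
tmp=$(mktemp) || exit 1
printf '%s\n' "$SAMPLE" > "$tmp"
chmod 644 "$tmp"
if world_readable "$tmp"; then
    echo "file is world-readable; findings that matter:"
fi
passwd_findings "$tmp"
rm -f "$tmp"
```

An empty result from `passwd_findings` on a world-readable file means the listing exposes account names, UIDs, home directories and shells, and no credentials.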

