Expected Findings
- Upload endpoint trusts file names and types.
- File viewer supports traversal-like names directly.
Upload Widget
File Upload Service
This upload form accepts arbitrary file names and the file viewer happily reads traversal-style paths from the request.
Primary Flows
- Upload endpoint POST name + content
- Traversal read Reads simulated traversal path
Signals
Validation
if (filename.length > 0) store(filename, blob)