L0nm4r

there are steps to test this vuln: 1. touch test.js and test.js.map in web directory: test.js: ``` //# sourceMappingURL=test.js.map ``` test.js.msp: ``` { "version": 3, "sources": ["../../../../../../tmp/pwned"], "names": [], "mappings":...

the path and domain filed in HttpAuthToken is not used ``` auth_tokens: - domain: 'abc.example.com' path: 'apppath' //