Comet WebFileManager / Patches / #7 HTML injection possible when viewing files

#7 HTML injection possible when viewing files

Status: open

Owner: Vincenzo Valvano

Labels: None

Priority: 5

Updated: 2004-10-14

Created: 2004-10-14

Creator: kuba tyszko

Private: No

fixed.
now, View.php check if the desired file contains one of
the Root paths.
if yes, all is ok, but if no - then it gives security violation
and exits.
also added function IntrusionNotifyExt that can accept
extended description and print it withinh alert box.

Discussion

kuba tyszko - 2004-10-14

Logged In: YES
user_id=1138713

updated:
now, Viiew.php checks that root is at the beginning of the
filename.also it checks that filename does not contain ../
and /.. - so it should prevent access beyond desired root.
(like /home/kuba/../../etc/passwd - it won't work now).
editing and saving files is still vulnerable. will fix....

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

kuba tyszko - 2004-10-14

assigned_to: nobody --> vival
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

kuba tyszko - 2004-10-19

Logged In: YES
user_id=1138713

fixed those four if statements.
prevoius version was invulnerable to injection like
/home/kuba/../../etc/passwd but vulnerable to simple
/etc/passwd ;-). now both cases are detected.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

kuba tyszko - 2004-10-19

fixed again

patch_beyond

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

HTML injection possible when viewing files

Group

Searches

Help

#7 HTML injection possible when viewing files

Discussion