#2 Solve URL copy security flaw

open
nobody
9
2011-01-11
2011-01-11
No

The web-service model relies on URLs as input and output parameters. There is currently absolutely no verification of the validity of the arguments passed as URLs. It is very conceivable that a carefully crafted web-service request could expose system files like /etc/passwd and others. Furthermore, at the end of the processing chain, these parameters are passed to a system call. String cleaning is necessary here to avoid, again, carefully crafted, bogus input arguments that could lead to severe compromises.
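
One way to implement the two checks the ticket asks for, as an added example that is not code from this ticket or from the project: validate each URL argument against a scheme allowlist, then hand it to the external command as an argument vector instead of a shell string. The Python language choice, the http/https allowlist, the names `validate_url` and `build_copy_argv`, and the `url-copy` command are all assumptions made for illustration.

```python
import subprocess
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only remote web URLs are needed
COPY_TOOL = "url-copy"               # hypothetical command name, not the project's


class UnsafeURL(ValueError):
    """Raised when a URL argument fails validation."""


def validate_url(raw):
    """Return raw unchanged if it is an acceptable remote URL, else raise UnsafeURL."""
    if not isinstance(raw, str) or not raw or len(raw) > 2048:
        raise UnsafeURL("empty or oversized URL")
    # Reject spaces and control characters before parsing; they have no place
    # in a well-formed URL and are what argument-splitting tricks rely on.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        raise UnsafeURL("whitespace or control character in URL")
    try:
        parts = urlsplit(raw)
        host = parts.hostname
        parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError as exc:
        raise UnsafeURL(str(exc)) from exc
    # file:// URLs, bare paths such as /etc/passwd, and option-like strings
    # such as -o/etc/passwd all fail here: none has an allowed scheme.
    if parts.scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL("scheme not allowed: %r" % parts.scheme)
    if not host:
        raise UnsafeURL("missing host")
    if parts.username or parts.password:
        raise UnsafeURL("embedded credentials")
    return raw


def build_copy_argv(src_url, dst_url):
    """Build the argument vector for the copy command from validated URLs."""
    # "--" ends option parsing in tools that follow the POSIX convention,
    # so neither URL can be read as a command-line flag.
    return [COPY_TOOL, "--", validate_url(src_url), validate_url(dst_url)]


def copy_url(src_url, dst_url):
    """Run the copy without a shell, so ';', '|', '$' and '`' stay literal."""
    return subprocess.run(build_copy_argv(src_url, dst_url),
                          shell=False, check=True, timeout=60)
```

Validation alone does not make a string shell-safe: `http://example.org/a;id` is a legal URL and passes the allowlist, which is why the command is also invoked without a shell.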
