#3 Another sharing too much bug... ".."

Status: closed-accepted
Owner: R L
Labels: None
Priority: 5
Updated: 2001-12-16
Created: 2001-08-22
Creator: Anonymous
Private: No

when someone tries to access a server with...

http://www.mysomaserver.com/..

or even

http://www.mysomaserver.com/../../..

They can get deeper access into the file system,
through parent directories.

I have a somewhat temporary solution, at least until
a better solution can be brought about. It is to
alter the getOSPath in the Utility class:

    import java.io.File;
    import java.util.StringTokenizer;
    import java.util.Vector;

    public static String getOSPath( String dir ) {
        int i;
        // Split on "/" but keep each "/" as its own token so the path can be rebuilt.
        StringTokenizer st = new StringTokenizer( dir, "/", true );
        Vector vec = new Vector();

        while (st.hasMoreTokens()) {
            vec.add(st.nextToken());
        }

        // Drop every ".." together with the segment and separator before it,
        // so the result can never climb above the directory being served.
        for( i=0; i<vec.size(); i++ ) {
            if( ((String)vec.elementAt(i)).equals("..") ){
                if( i>1 ){
                    // tokens i-2, i-1, i are "segment", "/", ".."
                    vec.remove(i);
                    vec.remove(i-1);
                    vec.remove(i-2);
                    i-=3;
                }else if( i>0 ){
                    // tokens i-1, i are "/", ".."
                    vec.remove(i);
                    vec.remove(i-1);
                    i-=2;
                }else{
                    // ".." at the very start has nothing before it to remove
                    vec.remove(i);
                    i--;
                }
            }
        }

        // Rebuild with the platform separator. The tokenizer hands back "/" as the
        // delimiter token, and any "//" left behind by the removals is collapsed.
        StringBuffer sb = new StringBuffer();
        for( i=0; i<vec.size(); i++ ) {
            String temp2 = (String)vec.elementAt(i);
            if( temp2.equals("/") ){
                if( sb.length()==0 || sb.charAt(sb.length()-1) != File.separatorChar ){
                    sb.append( File.separatorChar );
                }
            }else{
                sb.append( temp2 );
            }
        }

        return sb.toString();
    }

This works for me, although it may not be a perfect
implementation, or you guys may have a better
solution, maybe return a 404 instead of going to the
base page.
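The report above describes a request path climbing out of the served directory with "..", and the two fixes discussed (stripping ".." tokens, or refusing any path containing "/..") both work on the raw string. The following added example, which is not part of the ticket or of the project's WebServerUtility code, shows the complementary check a server can make on the resolved file itself: canonicalise the document root and the joined path, then accept the request only if the result still lies beneath the root. The class and method names (DocRootResolver, resolve) and the temporary document root built in main are assumptions made for this example.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class DocRootResolver {

    /**
     * Map a request path such as "/docs/index.html" onto a file beneath docRoot.
     * Returns null when the resolved file lies outside docRoot, which is exactly
     * what a request like "/../../.." would produce.
     */
    public static File resolve(File docRoot, String requestPath) throws IOException {
        // Canonical root: absolute, symlinks resolved, no "." or ".." segments.
        File root = docRoot.getCanonicalFile();

        // Strip leading separators so the request is always joined beneath root.
        String rel = requestPath;
        while (rel.startsWith("/") || rel.startsWith("\\")) {
            rel = rel.substring(1);
        }

        // Canonicalising the joined path collapses "a/../../b" the same way the
        // operating system would, so the containment check sees the real target.
        File target = new File(root, rel).getCanonicalFile();

        String rootPrefix = root.getPath() + File.separator;
        if (target.equals(root) || target.getPath().startsWith(rootPrefix)) {
            return target;
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample document root with a single file in it.
        File docRoot = Files.createTempDirectory("docroot").toFile();
        File index = new File(docRoot, "index.html");
        index.createNewFile();

        // Constructed sample requests: ordinary ones and the ".." forms from the report.
        String[] requests = {
            "/index.html",
            "/sub/../index.html",
            "/..",
            "/../../..",
            "/sub/../../index.html"
        };
        for (String r : requests) {
            File f = resolve(docRoot, r);
            System.out.println(r + " -> " + (f == null ? "rejected" : f.getPath()));
        }

        index.delete();
        docRoot.delete();
    }
}
```

Run with `java DocRootResolver.java`: the first two requests resolve to index.html inside the temporary root, while the three that climb past the root are rejected. Because the check is made on the canonical file rather than on the request string, it does not depend on how the ".." segments were written, and it also catches a symlink inside the root that points outside it; a server can still return a 404 for the rejected case, as the report suggests, instead of serving the base page.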

Discussion

  • R L

    R L - 2001-12-16

    Logged In: YES
    user_id=18424

    Fixed it by checking the URL paths for "/.." and instead
    directing them to the root directory.

    Strangely, this behavior *never* occurred under Unix (it is a
    well-known security flaw which I tested for).

  • R L

    R L - 2001-12-16

    updated WebServerUtility.java

  • R L

    R L - 2001-12-16
    • assigned_to: nobody --> auntfloyd
    • summary: Another sharing too much bug... ".." --> Another sharing too much bug... ".."
    • status: open --> closed-accepted