
This queue is for tickets about the Net-HTTPServer CPAN distribution.

Report information
The Basics
Id: 5625
Status: resolved
Worked: 30 min
Priority: 0/
Queue: Net-HTTPServer

People
Owner: reatmon [...] mail.com
Requestors:
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 0.8.1
Fixed in: (no value)



Subject: Possibility to go beyond the docroot and have access to all the files
If you access http://localhost:5000/.//.../ you'll get one level above the docroot... and then, for each "/.../" you add, you get another level up... thus gaining complete read access to what the webserver can access...

I was not able to recreate this behavior, but I went ahead and added more replaces to the _chroot function to look for /\.+ and remove them. So if you enter a URL with /.../ it will just remove that from the final path. I'm closing this. It will be in the 0.9.2 release in a day or so.

Ryan Eatmon
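
A docroot containment check for the kind of request described in this ticket, as an added example (not code from Net-HTTPServer or from either poster). It refuses dot-only segments instead of rewriting the path, then confirms the resolved file is still under the docroot. The helper name `resolve_in_docroot`, the strict refuse-all-dot-segments policy and the sample files are assumptions made for illustration; the URL path is assumed to be percent-decoded already.

```perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper (not Net::HTTPServer's _chroot): map a URL path to a file
# under $docroot, or return undef if the request must be refused.
# Assumption: $url_path has already been percent-decoded by the caller.
sub resolve_in_docroot {
    my ($docroot, $url_path) = @_;
    my @kept;
    for my $seg (split m{/+}, $url_path) {
        next if $seg eq '' || $seg eq '.';               # harmless no-op segments
        return if $seg =~ /\A\.+\z/ || $seg =~ /\0/;     # "..", "...", NUL: refuse
        push @kept, $seg;
    }
    my $root = realpath($docroot);
    return unless defined $root;
    my $candidate = File::Spec->catfile($root, @kept);
    return unless -e $candidate;                         # missing or dangling link
    my $real = realpath($candidate);                     # resolves symlinks
    return unless defined $real;
    # Final authority: the resolved path must be the docroot or live below it.
    return unless $real eq $root || index($real, "$root/") == 0;
    return $real;
}

# Constructed demo: a temporary docroot with one file, and one file outside it.
my $base    = tempdir(CLEANUP => 1);
my $docroot = File::Spec->catdir($base, 'htdocs');
mkdir $docroot or die "mkdir $docroot: $!";
for my $f (File::Spec->catfile($docroot, 'index.html'),
           File::Spec->catfile($base, 'secret.txt')) {
    open my $fh, '>', $f or die "open $f: $!";
    print {$fh} "constructed sample\n";
    close $fh or die "close $f: $!";
}
for my $req ('/index.html', '/./index.html', '/.//.../secret.txt',
             '/../secret.txt', '/missing.html') {
    my $r = resolve_in_docroot($docroot, $req);
    printf "%-22s => %s\n", $req, defined $r ? 'served' : 'refused';
}
```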