
Fix for XSS and path travel #27

Merged
merged 2 commits into from Mar 1, 2017

Conversation

@ssl ssl (Contributor) commented Mar 1, 2017

REQUEST_URI is not parsed by PHP - only by new browsers.
Can be used for XSS with curl or for example file_get_contents.
[url]?x="><h1>Hi</h1>

Using path travel and viewer.php you can get files like the config file.
[url]/viewer.php?type=png&file=../png/../png/../png/jAfQv

ssl added 2 commits March 1, 2017 03:19
REQUEST_URI is not parsed by PHP - only by new browsers.
Can be used for XSS with curl or for example file get contents.
[url]?x="><h1>Hi</h1>
Using path travel and viewer.php you can get files like the config file.
[url]/viewer.php?type=png&file=../png/../png/../png/jAfQv
@aerouk aerouk (Owner) commented Mar 1, 2017

The path traversal exploit didn't work on my production server, but I'll go ahead and merge this to be safe. Many thanks for your time and investigation!
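As an added example, not code from this pull request or the project, this is how a viewer.php handler can be hardened against both issues raised above: the traversal via the `file` parameter and the unescaped reflection of REQUEST_URI. The uploads/<type>/ layout, the allowed type list and the parameter names are assumptions made for illustration.

```php
<?php
// Added example, not the project's own code. Directory layout, parameter names
// and the allowed types are assumptions made for illustration.

// Only these "type" values are served, each from its own subdirectory.
const UPLOAD_BASE = __DIR__ . '/uploads';
const ALLOWED_TYPES = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];

// Returns the absolute path of the requested file, or null if the request must
// be refused. Traversal sequences are rejected before the filesystem is touched,
// and the resolved path is checked again afterwards.
function resolveUploadPath(string $type, string $file): ?string
{
    if (!isset(ALLOWED_TYPES[$type])) {
        return null;                       // type must be a known directory name
    }
    // A valid file id is a single path component: no "/", "..", or NUL bytes.
    if ($file === '' || $file !== basename($file) || strpos($file, "\0") !== false) {
        return null;
    }
    $baseDir = realpath(UPLOAD_BASE . '/' . $type);
    if ($baseDir === false) {
        return null;
    }
    $full = realpath($baseDir . '/' . $file);
    // realpath() collapses ".." and symlinks; the result must still sit inside $baseDir.
    $prefix = $baseDir . DIRECTORY_SEPARATOR;
    if ($full === false || !is_file($full) || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// REQUEST_URI arrives exactly as the client sent it. Browsers percent-encode
// characters such as '"' and '<', but curl or file_get_contents need not, so the
// value is escaped wherever a template echoes the current URL.
function escapedRequestUri(): string
{
    return htmlspecialchars($_SERVER['REQUEST_URI'] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$type = (string) ($_GET['type'] ?? '');
$path = resolveUploadPath($type, (string) ($_GET['file'] ?? ''));
if ($path === null) {
    http_response_code(400);
    exit('Invalid request');
}
header('Content-Type: ' . ALLOWED_TYPES[$type]);
readfile($path);
```

With this check, a `file` value such as the one in the report is rejected by the `basename()` comparison before any path is built, and a symlink placed inside the upload directory is caught by the `realpath()` prefix check.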

@aerouk aerouk merged commit 435aeed into aerouk:master Mar 1, 2017