Invalid parsed filename #11

Open
doodi-v1 opened this Issue Sep 4, 2014 · 0 comments


doodi-v1 commented Sep 4, 2014

Using both 5.5.1 and 5.5.2 I've found an issue when my site is scanned for vulnerabilities. Invalid fuseactions attempt to create a corresponding parsed file and this can trigger secondary "invalid filename" errors when invalid characters are passed in the URL string. Here is a sample query string that my external security scanner attempted:

fuseaction=user.loginPost1111111111111%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45)%20--%20%20/*

This throws an "Invalid CFML construct found on line 14 at column 251" exception.

Suggested fix: Invalid fuseactions should short-circuit the parsed file creation and simply trigger the invalid fuseaction exception.
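Added example, not part of the original issue and not Fusebox's own code: one way to implement the short-circuit suggested above, rejecting a malformed or unknown fuseaction before any parsed-file name is derived from it. The function name, the `example.*` exception types, the `knownCircuits` struct and the two-part `circuit.action` shape are assumptions made for illustration.

```cfml
<!--- Added example: hypothetical helper, not part of Fusebox. --->
<cffunction name="parsedFileNameFor" access="public" returntype="string" output="false"
            hint="Returns a parsed-file name for a valid fuseaction, or throws before any file is touched.">
    <cfargument name="fuseaction" type="string" required="true">
    <!--- Assumed shape: knownCircuits[circuitAlias][fuseactionName], built from the
          application's own circuit definitions at load time. --->
    <cfargument name="knownCircuits" type="struct" required="true">

    <cfset var circuit = "">
    <cfset var action = "">

    <!--- 1. Shape check: exactly circuit.action, identifier characters only, bounded length.
          Spaces, commas, parentheses, slashes, asterisks and the like fail here, so they
          never reach a filename or generated CFML. --->
    <cfif len(arguments.fuseaction) GT 128
          OR NOT reFind("^[A-Za-z_][A-Za-z0-9_]*\.[A-Za-z_][A-Za-z0-9_]*$", arguments.fuseaction)>
        <!--- The raw value is deliberately kept out of the message; only its length is reported. --->
        <cfthrow type="example.invalidFuseaction"
                 message="Malformed fuseaction."
                 detail="Rejected value of length #len(arguments.fuseaction)#.">
    </cfif>

    <cfset circuit = listFirst(arguments.fuseaction, ".")>
    <cfset action = listLast(arguments.fuseaction, ".")>

    <!--- 2. Existence check: a well-formed but unknown fuseaction also stops here. --->
    <cfif NOT structKeyExists(arguments.knownCircuits, circuit)
          OR NOT structKeyExists(arguments.knownCircuits[circuit], action)>
        <cfthrow type="example.undefinedFuseaction" message="Undefined fuseaction.">
    </cfif>

    <!--- 3. Only a validated, known pair is turned into a filename. --->
    <cfreturn lCase(circuit) & "." & lCase(action) & ".cfm">
</cffunction>
```

With this check in front of parsed-file creation, the scanner's query string above fails step 1 and surfaces as a single invalid-fuseaction exception.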
