Merge CVS history #1
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…d problems with this, such as slashdot.org
… "notice" level error.
…pandlinks function. Root relative links are treated as relative Snoopy is treating root relative links as relative. When a page at domain.com/foo/bar/page1.htm has a link like /foo/bar/page2.htm then Snoopy returns the link to page 2 as: domain.com/foo/bar/foo/bar/page2.htm instead of domain.com/foo/bar/page2.htm
Snoopy now allows a meta refresh tag to have any number of spaces between the semicolon following the refresh delay and the URL= value.
Added : if($this->lastredirectaddr) $URI = $this->lastredirectaddr; into the fetchlinks, submitlinks and submitext functions to properly expandlinks after a redirect. Also modified the documentation at the beginning of the file indicating which functions use expandlinks
…s in the https curl request weren't being checked for double quotes (the URI was, but not the headers).
Here's the description of the exploit from SEC.
SEC-CONSULT Security Advisory < 2005xxxx-0 >
======================================================================
title: Snoopy Remote Code Execution Vulnerability
program: Snoopy PHP Webclient
vulnerable version: 1.2 and earlier
homepage: http://snoopy.sourceforge.net
found: 2005-10-10
by: D. Fabian / SEC-CONSULT / www.sec-consult.com
======================================================================
vendor description:
---------------
Snoopy is a PHP class that simulates a web browser. It automates the
task of retrieving web page content and posting forms, for example.
Snoopy is used by various RSS parser, which are in turn used in a
whole bunch of applications like weblogs, content management systems,
and many more.
vulnerabilty overview:
---------------
Whenever an SSL protected webpage is requested with one of the many
Snoopy API calls, it calls the function _httpsrequest which takes
the URL as argument. This function in turn calls the PHP-function
exec with unchecked user-input. Using a specially crafted URL, an
attacker can supply arbitrary commands that are executed on the web
server with priviledges of the web user.
While the vulnerability can not be exploited using the Snoopy class
file itself, there may exist implementations which hand unchecked
URLs from users to snoopy.
proof of concept:
---------------
Consider the following code on a webserver:
Thanks zaruba and Kellan
…heme (http / https) fixed a typo that I introduced in 1.2.2 (the first character of the file is a "z" updated the version variable in the code to reflect the new version
Conflicts: AUTHORS Snoopy.class.php
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I have done a new cvs export job using https://github.com/rcls/crap, got all commit history from sourceforge.net/snoopy, and then merged with your modified README.md.
During merge, sourceforge version seems newer in version(1.2.5-dev) and some author mail address.
Although this class has not much usage because there are curl already, I think keep a copy here is good for some old project.