Pull request for issue 92: Do not allow backslashes in path (security). #93

Merged
merged 3 commits into from Dec 15, 2012


melkote commented Dec 15, 2012

On Windows, it is possible to access arbitrary files by crafting a GET with unescaped backslash characters.

For example, GET /..............\ff\asubdir\secretfile would navigate to the root, go down ff/asubdir and retrieve secretfile. When Mochiweb is running with administrator privileges, this bug makes it possible to retrieve any file from the Windows file system.

As the backslash should never appear on the path of a GET request unencoded, this fix rejects such requests and closes the vulnerability.
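A check of the kind described in the comment above, as an added example that is not part of that comment and is not mochiweb's own code. The module and function names are hypothetical, and the path is assumed to arrive already percent-decoded with its leading "/" removed.

```erlang
%% Added example: hypothetical module, not taken from mochiweb.
-module(safe_path_example).
-export([safe_relative_path/1, demo/0]).

%% Return the normalised relative path as a string, or 'undefined' when the
%% request must be rejected. Assumption: Path is the percent-decoded request
%% path without its leading "/", so an encoded backslash is seen here too.
safe_relative_path(Path) ->
    case lists:member($\\, Path) of
        true ->
            %% Windows file APIs treat "\" as a separator. A check that only
            %% splits on "/" sees "..\..\x" as one ordinary file name, and
            %% the operating system later resolves it as a traversal.
            undefined;
        false ->
            walk(string:split(Path, "/", all), [])
    end.

%% Walk the "/"-separated segments, keeping a stack of accepted names.
walk([], Acc) ->
    lists:append(lists:join("/", lists:reverse(Acc)));
walk([".." | _], []) ->
    undefined;                  % would climb above the document root
walk([".." | Rest], [_ | Acc]) ->
    walk(Rest, Acc);            % drop the previous segment
walk(["." | Rest], Acc) ->
    walk(Rest, Acc);
walk(["" | Rest], Acc) ->
    walk(Rest, Acc);            % empty segment from "//" or a trailing "/"
walk([Seg | Rest], Acc) ->
    walk(Rest, [Seg | Acc]).

%% Constructed sample paths; the last one is the request path quoted in the
%% commit messages of this pull request.
demo() ->
    [{P, safe_relative_path(P)} ||
        P <- ["index.html",
              "docs/../index.html",
              "../secret",
              "..\\..\\..\\..\\..\\windows\\win.ini"]].
```

A caller would treat 'undefined' as a rejected request and join any other result onto the document root.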

melkote added some commits Dec 14, 2012

@melkote melkote Do not allow backslashes in path (security).
On Windows, it is possible to access arbitrary files by crafting
a GET with unescaped \, like GET /..\..\..\..\..\windows\win.ini

http://www.couchbase.com/issues/browse/MB-7390
977f91c
@melkote melkote Issue 92: Do not allow backslashes in path (security).
On Windows, it is possible to access arbitrary files by crafting
a GET with unescaped \, like GET /..\..\..\..\..\windows\win.ini

Please also see http://www.couchbase.com/issues/browse/MB-7390
ac2bf2a
@melkote melkote Merge branch 'master' of git://github.com/melkote/mochiweb 3259a93

@etrepum etrepum added a commit that referenced this pull request Dec 15, 2012

@etrepum etrepum Merge pull request #93 from melkote/master
Pull request for issue 92: Do not allow backslashes in path (windows security).
5ee1eeb

@etrepum etrepum merged commit 5ee1eeb into mochi:master Dec 15, 2012
