Unable to open directory from browser #525

Closed
viyatb opened this Issue Dec 6, 2015 · 5 comments

Member

viyatb commented Dec 6, 2015

Reproduce

When you pass an OWTF target containing special URL characters such as "?" to the file browser (i.e. the "Browse Files" button) on any plugin, it fails to load because these characters are not URL-encoded, hence the browser interprets them and OWTF fails to open the relevant directory.

Fix

Calling the relevant url encoding function will fix this problem, for example using encodeURIComponent from JavaScript.

or

calling escape from Tornado template methods

viyatb closed this Dec 6, 2015

viyatb added a commit that referenced this issue Dec 10, 2015

viyatb reopened this Dec 10, 2015

Member

viyatb commented Dec 10, 2015

The previous fix included using quote_plus from the urllib library. But it encoded '/' also, which resulted in bad links in the directory listing.
@DePierre thoughts on this?

Contributor

DoomTaper commented Dec 10, 2015

@delta24 have you tried using the safe parameter of quote_plus, like this: quote_plus(item, safe='/')?

Member

viyatb commented Dec 10, 2015

No, but that looks doable. Let me try :)
Thanks @DoomTaper!

Contributor

DoomTaper commented Dec 13, 2015

@delta24 Is this issue resolved?

Member

viyatb commented Dec 13, 2015

nope, go ahead. :)

DoomTaper added a commit to DoomTaper/owtf that referenced this issue Dec 13, 2015

DoomTaper added a commit to DoomTaper/owtf that referenced this issue Dec 13, 2015

viyatb added this to the OWTF Quality Release milestone Jan 18, 2016

viyatb self-assigned this Jan 18, 2016

viyatb closed this in 1fe7941 Jan 22, 2016
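
The encoding options discussed in this thread, as an added example that is not part of the original issue or OWTF's code: it builds the same directory link unencoded, with quote_plus, with quote_plus(item, safe='/') and with quote(item, safe='/'), then checks which path a server would receive. It uses Python 3's urllib.parse; BASE, ITEM and the helper names are constructed for illustration, and the server is assumed to percent-decode paths without treating "+" as a space.

```python
from urllib.parse import quote, quote_plus, unquote, urlsplit

# Constructed sample values (not taken from OWTF): a link prefix and a
# directory whose name contains "?", "=" and a space.
BASE = "/output_files/"
ITEM = "targets/example.test/index.php?id=1/partial reports"


def build_links(item):
    """Build the same directory link with each encoding strategy."""
    return {
        "raw": BASE + item,                                    # no encoding
        "quote_plus": BASE + quote_plus(item),                 # also encodes "/"
        "quote_plus_safe": BASE + quote_plus(item, safe="/"),  # keeps "/", space -> "+"
        "quote_safe": BASE + quote(item, safe="/"),            # keeps "/", space -> "%20"
    }


def path_seen_by_server(href):
    """Split the link the way a browser does, then percent-decode the path.

    Assumption: the server decodes paths with plain percent-decoding, so a
    "+" in the path stays a literal "+".
    """
    return unquote(urlsplit(href).path)


def check(item):
    """Return, per strategy, whether the link resolves to the intended directory."""
    results = {}
    for name, href in build_links(item).items():
        encoded_path = urlsplit(href).path
        results[name] = {
            "href": href,
            "slash_encoded": "%2F" in encoded_path,
            "resolves": path_seen_by_server(href) == BASE + item,
        }
    return results


if __name__ == "__main__":
    for name, r in check(ITEM).items():
        print(f"{name:16} resolves={r['resolves']!s:5} {r['href']}")
```
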
