From 37a06756ccc0ef64c2947e7b0973cb3a98bcdaf3 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Fri, 21 Aug 2020 15:30:55 +0000
Subject: [PATCH] telpho10_credential_dump: Prevent traveral in untar
---
 modules/auxiliary/admin/http/telpho10_credential_dump.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/auxiliary/admin/http/telpho10_credential_dump.rb b/modules/auxiliary/admin/http/telpho10_credential_dump.rb
index 5c62f9e28053..f1f9901a6729 100644
--- a/modules/auxiliary/admin/http/telpho10_credential_dump.rb
+++ b/modules/auxiliary/admin/http/telpho10_credential_dump.rb
@@ -37,7 +37,7 @@ def untar(tarfile)
 File.open(tarfile, 'rb') do |file|
 Rex::Tar::Reader.new(file) do |tar|
 tar.each do |entry|
- dest = File.join destination, entry.full_name
+ dest = File.join(destination, File.basename(entry.full_name))
 if entry.file?
 File.open(dest, 'wb') do |f|
 f.write(entry.read)
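Review bot: `File.basename(entry.full_name)` on the added line removes the directory part, but it can still return `..`, `.` or an empty string (for a name ending in `/..`, say), and it flattens the archive so two entries with the same basename in different directories silently overwrite each other. The archive is presumably fetched from the remote device and so untrusted; I would skip such names before the `File.open`, e.g. `name = File.basename(entry.full_name)` followed by `next if name.empty? || %w[. ..].include?(name)`, and skip or log when `dest` already exists. Opening `destination/..` with `'wb'` would most likely raise rather than write outside the directory, so this is about an aborted extraction and ambiguous results, not a second traversal. A short comment such as `# basename only: entry names are untrusted, never let them choose a directory` would record why the path is dropped. `untar` starts before and continues after this hunk, so how non-file entries are handled is not visible here.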