Fix h1 report 148745

Reflected file download ----------------------- Abdullah Hussam has reported via HackerOne that www/delivery/asyncspc.php was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain. CWE: CWE-79 CVSSv2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C CVSSv3 Base Score: 9.6 CVSSv3 Temporal Score: 8.9
revive-adserver · Sep 27, 2016 · 69aacbd · 69aacbd
1 parent 71812ba
commit 69aacbd
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/www/delivery_dev/asyncspc.php b/www/delivery_dev/asyncspc.php
@@ -29,6 +29,12 @@
 /* Main code                                             */
 /*-------------------------------------------------------*/
 
+// Protect from Reflected File Download attacks
+if (preg_match('/[^a-zA-Z0-9_-]/', $prefix)) {
+    MAX_sendStatusCode(400);
+    exit;
+}
+
 // Derive the source parameter
 $source = MAX_commonDeriveSource($source);