
Fix h1 report 148745

Reflected file download
-----------------------

Abdullah Hussam has reported via HackerOne that www/delivery/asyncspc.php
was vulnerable to the fairly new Reflected File Download (RFD) web attack
vector that enables attackers to gain complete control over a victim's
machine by virtually downloading a file from a trusted domain.

CWE: CWE-79
CVSSv2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CVSSv3 Base Score: 9.6
CVSSv3 Temporal Score: 8.9
mbeccati committed Sep 27, 2016
1 parent 71812ba commit 69aacbd26480f94f986cd136bbf82854109ee545
Showing with 6 additions and 0 deletions.
  1. +6 −0 www/delivery_dev/asyncspc.php
@@ -29,6 +29,12 @@
/* Main code */
/*-------------------------------------------------------*/
// Protect from Reflected File Download attacks
if (preg_match('/[^a-zA-Z0-9_-]/', $prefix)) {
MAX_sendStatusCode(400);
exit;
}
// Derive the source parameter
$source = MAX_commonDeriveSource($source);
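Review bot: the commit message names www/delivery/asyncspc.php as the vulnerable file, but the hunk only touches www/delivery_dev/asyncspc.php; confirm that the www/delivery copy is regenerated from delivery_dev (or patch it as well) so the fix actually reaches the reported path. On the check itself, rejecting any $prefix containing a character outside `[a-zA-Z0-9_-]` and answering with `MAX_sendStatusCode(400)` is the right shape for a value that is reflected into the response, but nothing in the hunk shows where $prefix is assigned; a short comment stating that it comes from the request and is echoed into the body would make clear why a strict allow-list rather than escaping is needed here, and a reviewer should verify that no other request-derived value is reflected further down in the same script.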
