When I used your online tool to check the RDFa attributes of my own website, I got the following error:
error IOError: Failed to open blog.skyplabs.net: No such file or directory @ rb_sysopen - blog.skyplabs.net
The problem here is that I didn't specify http://. Consequently, the software tried to find blog.skyplabs.net as a local file. This issue leads to a directory traversal attack, allowing an attacker to disclose information about the remote system.
For example, it is possible to know if a directory exists or not (with ../etc/ssh as input):
error Errno::EISDIR: Is a directory @ io_fread - ../etc/ssh
When used on a file whose format is not recognised by the parser, the error message tends to leak some precious information (with ../etc/os-release as input):
For example, an attacker could use this vulnerability to reveal the installed and running services on the remote host (with ../etc/mysql/my.cnf as input):
validation ../etc/mysql/my.cnf: Errors found during processing
validation ../etc/mysql/my.cnf: ERROR [line 19] Lexer error: With input 'client] port = 3306 socket = /var/run/mysqld/mysqld.sock # Here is entries for some specific progr': Invalid token "client]": {:production=>:predicateObjectList, :token=>"client]"}:
validation ../etc/mysql/my.cnf: FATAL recovery: predicateObjectList: ";"
validation ../etc/mysql/my.cnf: FATAL recovery: blankNodePropertyList: "]"
validation ../etc/mysql/my.cnf: FATAL recovery: triples: ["."]
validation ../etc/mysql/my.cnf: FATAL recovery: statement: ["."]
We know now that the MySQL server is installed on the remote server and listens on port 3306. To check if it is currently running or not (with ../var/run/mysqld/mysqld.sock as input):
error IOError: Failed to open ../var/run/mysqld/mysqld.sock: No such file or directory @ rb_sysopen - ../var/run/mysqld/mysqld.sock
To fix this issue, the user inputs need to be checked to ensure that they are real URL addresses and not local files.
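An added example of the check the last paragraph asks for (not the validator's own code): only absolute http(s) URLs are accepted, so a bare hostname, a relative path such as ../etc/ssh, or a file: URL is rejected before anything is opened. The names safe_remote_uri and fetch_document are hypothetical.

```ruby
# Added example (not the validator's own code): accept only absolute
# http(s) URLs so that a bare hostname or a relative path such as
# "../etc/ssh" is never handed to File.open as a local file.
require 'uri'
require 'net/http'

ALLOWED_SCHEMES = %w[http https].freeze

# Returns a URI::HTTP / URI::HTTPS object for an acceptable input,
# or nil when the input must be rejected.
def safe_remote_uri(input)
  return nil if input.nil? || input.strip.empty?

  uri = URI.parse(input.strip)
  # A bare hostname ("blog.skyplabs.net") or a relative path parses with
  # scheme nil; "file:///..." parses with scheme "file". Both are rejected.
  return nil unless uri.scheme && ALLOWED_SCHEMES.include?(uri.scheme.downcase)
  # A scheme without a host ("http:../etc/ssh") is not a remote document.
  return nil if uri.host.nil? || uri.host.empty?

  uri
rescue URI::InvalidURIError
  # Malformed input (e.g. embedded spaces) is rejected rather than
  # falling through to a local file lookup.
  nil
end

# Replacement for "open whatever the user typed": fetch over HTTP(S) only.
def fetch_document(input)
  uri = safe_remote_uri(input)
  raise ArgumentError, 'input must be an absolute http(s) URL' unless uri

  Net::HTTP.get(uri) # network call; not exercised by the offline demo below
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs: the ones from the report plus a file: URL.
  %w[blog.skyplabs.net ../etc/ssh http://blog.skyplabs.net file:///etc/ssh].each do |s|
    puts "#{s.ljust(28)} -> #{safe_remote_uri(s) ? 'fetch' : 'reject'}"
  end
end
```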