Web-based arbitrary file grab?

Featuring the Dragonfly web framework

Web-based arbitrary file grab?

Postby kanen » Wed Dec 14, 2011 11:03 pm

When running newLisp in web mode and using the DragonFly framework, I've noticed redirection works fine, except when someone types something like:

Code: Select all
http://server//root-file


In this case, it grabs the /root-file contents and displays them as plain text in the browser.

Am I missing some obvious setting? This is clearly a problem.
. Kanen Flowers http://kanen.me .
kanen
 
Posts: 144
Joined: Thu Mar 25, 2010 6:24 pm

Re: Web-based arbitrary file grab?

Postby saulgoode » Thu Dec 15, 2011 6:18 pm

My speculation is that the problem is arising from the way Apache's mod_write handles parsing (assuming you are using mod_rewrite). Guile developer Andy Wingo offers a good description of this on his weblog.
saulgoode
 
Posts: 10
Joined: Sat Jul 16, 2011 6:15 am

Re: Web-based arbitrary file grab?

Postby kanen » Thu Dec 15, 2011 10:16 pm

I'm invoking newLisp and DragonFly directly:

Code: Select all
/usr/bin/newlisp" /var/web/framework/newlisp-redirection.lsp  -http -d 8080 -w /var/web


Short of writing a pre-processor prior to the url-rewrites in DragonFly, I just don't see any way to fix this issue, which only happens when I double slash for a root file return.

(major security issue, by the way)

saulgoode wrote:My speculation is that the problem is arising from the way Apache's mod_write handles parsing (assuming you are using mod_rewrite). Guile developer Andy Wingo offers a good description of this on his weblog.
. Kanen Flowers http://kanen.me .
kanen
 
Posts: 144
Joined: Thu Mar 25, 2010 6:24 pm


Return to So, what can you actually DO with newLISP?

Who is online

Users browsing this forum: No registered users and 1 guest

cron