Bug #13425
closed
Invalid alias name can still be used by code attempting to validate URL table content
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
23.01
Release Notes:
Default
Affected Version:
Affected Architecture:
Description
When validating an alias on save, the name is checked for validity; however, the name is still used during validation by process_alias_urltable().
The name is used as-is for a filename, which means it may include invalid components such as ../, | and other characters to traverse paths and create arbitrary files.
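The pattern described above, shown as an added example that is not pfSense code and not the applied changeset: a helper that builds a file path from a name must validate the name itself, so that no caller can reach the filesystem with an unchecked value. The directory, the naming rule and all function names here are assumptions made for the illustration.

```php
<?php
// Added illustration. TABLE_DIR, the naming rule and the function names
// are hypothetical; they are not taken from pfSense.
const TABLE_DIR = '/tmp/urltable-demo';

// Assumed rule: letters, digits and underscore, 1 to 31 characters.
// \A and \z anchor the whole string ('$' would accept a trailing newline).
function alias_name_ok(string $name): bool {
    return preg_match('/\A[A-Za-z0-9_]{1,31}\z/', $name) === 1;
}

// Unsafe pattern from the report: the name is used as-is in a filename,
// so "../" segments and shell metacharacters end up in the path.
function table_path_unsafe(string $name): string {
    return TABLE_DIR . '/' . $name . '.txt';
}

// Hardened form: validate inside the helper, then confirm that the
// parent directory of the result resolves to the storage directory.
function table_path_safe(string $name): ?string {
    if (!alias_name_ok($name)) {
        return null;                       // reject before any file I/O
    }
    $path = TABLE_DIR . '/' . $name . '.txt';
    $base = realpath(TABLE_DIR);
    if ($base === false || realpath(dirname($path)) !== $base) {
        return null;                       // defense in depth
    }
    return $path;
}

@mkdir(TABLE_DIR, 0700, true);             // demo directory only

// Constructed inputs: one valid name and three that must be rejected.
foreach (['blocklist_v4', '../x', 'a|b', ''] as $name) {
    printf("%-16s unsafe=%-32s safe=%s\n",
        var_export($name, true),
        table_path_unsafe($name),
        var_export(table_path_safe($name), true));
}
```

Only the first name yields a path from table_path_safe(); the other three return NULL, while table_path_unsafe() builds a path for every input.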
Updated by Jim Pingle over 2 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset db0cdbc8e77a47b45a6da4061e5d8e59e0fc592d.
Updated by Jim Pingle about 2 years ago
- Plus Target Version changed from 22.11 to 23.01
Updated by Jordan G about 2 years ago
When attempting to save an alias in 23.01.a.20221111.0600, including an additional / at the end of a URL results in:
PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 3863, Message: Maximum execution time of 900 seconds exceeded @ 2022-11-12 18:00:31
Updated by Jim Pingle about 2 years ago
- Status changed from Feedback to Resolved
Attempting a previously working exploit no longer creates an arbitrary file. Marking resolved.