Bug #13425
Invalid alias name can still be used by code attempting to validate URL table content (closed)
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.01
Release Notes: Default
Affected Version:
Affected Architecture:
Description
When validating an alias on save, the name is checked for validity, however the name is still used during validation by process_alias_urltable().
The name is used as-is for a filename which means it may include invalid components such as ../, | and other characters to traverse paths and create arbitrary files.
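The ordering problem described above, shown as an added PHP example that is not pfSense code: the name is checked against an allow-list before any path is built from it, and the resulting path is confirmed to sit directly in the table directory. The directory, the name rule and both function names are assumptions made for illustration.

```php
<?php
// Added example, not pfSense code. The directory below and both function
// names are hypothetical; the name rule is this example's own assumption.
const EXAMPLE_TABLE_DIR = '/var/db/example-aliastables';

// Allow-list check: letters, digits and underscore only, bounded length.
// \A and \z anchor the whole string, so a trailing newline cannot slip past.
function example_alias_name_ok(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_]{1,31}\z/', $name) === 1;
}

// Return the table file path for $name, or null when the name is unsafe.
// No filesystem call is made with the name until it has passed the check.
function example_urltable_path(string $name): ?string
{
    // 1. Reject first. Nothing derived from an unchecked name is used.
    if (!example_alias_name_ok($name)) {
        return null;
    }

    // 2. Build the path from the fixed directory and the checked name.
    $path = EXAMPLE_TABLE_DIR . '/' . $name . '.txt';

    // 3. Defence in depth: the file must sit directly in the table
    //    directory, so a later change to the name rule cannot reintroduce
    //    directory components unnoticed.
    if (dirname($path) !== EXAMPLE_TABLE_DIR) {
        return null;
    }
    return $path;
}

// Constructed sample names: one valid, the rest carrying the kinds of
// components named in the report.
$samples = ['blocklist_a', '../../tmp/x', 'a|b', 'name/../../etc', ''];
foreach ($samples as $name) {
    $path = example_urltable_path($name);
    printf("%-18s => %s\n", var_export($name, true), $path ?? 'rejected');
}
```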
Updated by Jim Pingle about 1 year ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset db0cdbc8e77a47b45a6da4061e5d8e59e0fc592d.
Updated by Jim Pingle 12 months ago
- Plus Target Version changed from 22.11 to 23.01
Updated by Jim Pingle 10 months ago
- Status changed from Feedback to Resolved
Attempting a previously working exploit no longer creates an arbitrary file. Marking resolved.