Bug #5203: Directory transversal in Configuration History - pfSense - pfSense bugtracker

Actions

Copy link

Bug #5203

closed

Directory transversal in Configuration History

Added by Fernando Munoz about 9 years ago. Updated about 9 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

Web Interface

Target version:

2.2.5

Start date:

09/24/2015

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

All

Affected Architecture:

All

Description

getcfg parameter doesn't filter chars with as .. or / this way an admin can retrieve other XML files from the system.

- https://localhost:9090/diag_confbak.php?getcfg=../../../../../../../../cf/conf/config

I don't think it's critical since the admin could still download the current config or any other files from other places or SSH, but still you may want to get it fixed.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #5203

Directory transversal in Configuration History

Updated by Jim Pingle about 9 years ago

Updated by Jim Pingle about 9 years ago

Updated by Jim Pingle about 9 years ago

Updated by Chris Buechler about 9 years ago