JacobJacob / wavsep

Automatically exported from code.google.com/p/wavsep

LFI test cases throwing: java.lang.IllegalArgumentException: URI has an authority component #8

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. /wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/Case10-LFI-FileClass-FilenameContext-Unrestricted-FileDirective-DefaultFullInput-NoPathReq-Read.jsp?target=content.ini
2. HTTP Status 500 with Exception details: java.lang.IllegalArgumentException: URI has an authority component is returned

What is the expected output? What do you see instead?
Should see contents of content.ini and be able to perform traversal attacks to access web.xml or include.jsp.

What version of the product are you using? On what operating system?
WAVSEP v1.2

Please provide any additional information below.
Installed into tomcat 6.0.20

Looks like your path is being concatenated incorrectly. The two 'exploits' you list don't work as is. It's pretty apparent from the output log what is happening, unless of course I'm missing something obvious (which might be the case :>)

Log output:
File delimiter: /
Line delimiter (encoded):

User Directory Path (Absolute): /root
Deployment Path Root (Absolute): /usr/share/tomcat6/webapps/wavsep-v1.2
Deployment Path Current File (Absolute): /usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/Case10-LFI-FileClass-FilenameContext-Unrestricted-FileDirective-DefaultFullInput-NoPathReq-Read.jsp
Deployment Path Current Directory (Absolute): /usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error
Web Path Root (Relative): /wavsep-v1.2
Web Path of File (Relative-no-root): /active/LFI-Detection-Evaluation-GET-500Error/Case10-LFI-FileClass-FilenameContext-Unrestricted-FileDirective-DefaultFullInput-NoPathReq-Read.jsp
Web Path of Dir (Relative-no-root): /active/LFI-Detection-Evaluation-GET-500Error
request URL: http://192.168.218.131:8080/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/Case10-LFI-FileClass-FilenameContext-Unrestricted-FileDirective-DefaultFullInput-NoPathReq-Read.jsp
Current directory's canonical path: /root
Current directory's absolute path: /root/.
*****Initial Prefix*****: /usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error

Default Target File (Prior to Concat): content.ini
Default Base Path (Prior to Concat): file://usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/
Default Target File: content.ini
Default Base Path: file://usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/

Final Relative Access:/active/LFI-Detection-Evaluation-GET-500Error/content.ini
Final Full Access:/usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/content.ini
Target File: content.ini

File:file://usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/content.ini
prefix:/usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/
File to access:/usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/file://usr/share/tomcat6/webapps/wavsep-v1.2/active/LFI-Detection-Evaluation-GET-500Error/content.ini
Current Absultoe File Path: /root/.
Current Canonical Dir Path: /root

Note the 'File to access' line has the path + the file:// path concatenated together. My question is, does this work in your environment? It seems like a code issue not an environment issue that would allow for this test case to succeed. I've seen this error in a number of other cases (still working through which ones at the moment).
-Isaac

Original issue reported on code.google.com by isaac.da...@gmail.com on 20 Jul 2012 at 9:00

GoogleCodeExporter commented 9 years ago
Isolated the issue - it seems test cases with the file:// URL don't work well on Linux, because unlike XP, the URL format only works with file:/ (a single slash).

Will fix the issue soon... in the meantime, change the URL in the default input, or use on Windows.

Original comment by sectoola...@gmail.com on 21 Jul 2012 at 10:34
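
The single-slash versus double-slash behaviour described in the comment above, as an added example that is not WAVSEP's code: java.net.URI reads file://usr/... as authority "usr" plus path "/share/...", and java.io.File(URI) rejects any file URI that carries an authority. That the test case hands its URL to java.io.File(URI) is an assumption; the class and helper names are hypothetical, the URLs are constructed from the log in this issue, and a Unix-like host is assumed.

```java
import java.io.File;
import java.net.URI;

public class FileUriAuthorityDemo {

    // Show how java.net.URI splits a file URL, then try java.io.File(URI) on it.
    static String describe(String url) {
        URI uri = URI.create(url);
        String parts = "authority=" + uri.getRawAuthority() + " path=" + uri.getPath();
        try {
            return parts + " -> File " + new File(uri).getPath();
        } catch (IllegalArgumentException e) {
            // Raised by File(URI) when getRawAuthority() is non-null.
            return parts + " -> IllegalArgumentException: " + e.getMessage();
        }
    }

    // Let the JDK build the file URI from an absolute directory and a file name,
    // instead of gluing a "file://" prefix onto a path string by hand.
    static URI toFileUri(String absoluteDir, String name) {
        return new File(absoluteDir, name).toURI();
    }

    public static void main(String[] args) {
        // Constructed sample values taken from the log output in this issue.
        String dir = "/usr/share/tomcat6/webapps/wavsep-v1.2/active/"
                   + "LFI-Detection-Evaluation-GET-500Error";
        String rest = dir.substring(1) + "/content.ini";

        String[] urls = {
            "file://" + rest,   // two slashes: "usr" is parsed as the authority
            "file:/" + rest,    // one slash: no authority, path starts at /usr
            "file:///" + rest   // three slashes: empty authority, same path
        };
        for (String url : urls) {
            System.out.println(url);
            System.out.println("  " + describe(url));
        }

        // The URI produced by the JDK itself round-trips through File(URI).
        URI built = toFileUri(dir, "content.ini");
        System.out.println(built);
        System.out.println("  " + describe(built.toString()));
    }
}
```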

GoogleCodeExporter commented 9 years ago
Case 12, case 14, case 18 and so on have the problem.
They seem to be used the same way.

Original comment by f00y...@gmail.com on 15 Jul 2014 at 7:48