Closed mariohammel closed 1 year ago
Our hosting provider sends us a information about a RFI Exploit [P1419] on our webpage. I found the following snipped in a cached file (Craft Template Caching):
<meta property="og:url" content="https://example.com/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f../etc/passwd" /> <meta name="twitter:url" content="https://example.com/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f../etc/passwd" /> <link rel="canonical" href="https://dextra.ch/../../../../../../../../../../../../etc/passwd">
Is it possible to validate such parameters?
Description
Our hosting provider sends us a information about a RFI Exploit [P1419] on our webpage. I found the following snipped in a cached file (Craft Template Caching):
Is it possible to validate such parameters?
Steps to reproduce
Additional info