mushorg / glastopf

Web Application Honeypot
http://glastopf.org

Fixing a path traversal vuln. in the file_server emulator #272

Closed: hun7err closed this 8 years ago

hun7err commented 8 years ago

An unsanitized file path led to a path traversal vulnerability in the file_server emulator, allowing glastopf to read arbitrary files including configuration and the database file.

glaslos commented 8 years ago

Nice catch. Should probably also be fixed here: https://github.com/mushorg/glastopf/blob/master/glastopf/modules/classification/request.py#L84. Also check out SNARE and TANNER: https://github.com/mushorg/snare, which succeed Glastopf.

hun7err commented 8 years ago

Thanks! I've just created a PR for request.py as well. Thank you for recommending snare, wouldn't have known about it otherwise :)

katkad commented 8 years ago

Hello, nice catch.

Can you please share a reproducer? I am trying to accomplish path traversal in my glastopf.

hun7err commented 8 years ago

Thanks and sorry for the late answer,

http://example.com/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd

was a url that worked for me.
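
The reproducer above works because the request path is percent-decoded and joined onto the emulator's file directory without ever checking that the result still lies inside that directory. The following is an added example (not glastopf's code, and not part of the original thread) that puts the vulnerable pattern next to a contained one and feeds both the URL posted above. `WEBROOT`, `vulnerable_resolve`, `safe_resolve` and `path_from_url` are illustrative names chosen here; the directory layout is constructed for the demo and the functions do pure path arithmetic so the example runs without any files on disk.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed for the demo: stands in for the directory the file_server
# emulator serves from. glastopf's real layout is not assumed here.
WEBROOT = "/var/lib/honeypot/files"

# The reproducer from the thread: sixteen encoded "../" followed by etc/passwd.
REPRODUCER_URL = "http://example.com/" + "%2e%2e%2f" * 16 + "etc/passwd"


def path_from_url(url):
    """Return the (still percent-encoded) path component of a request URL."""
    return urlsplit(url).path


def vulnerable_resolve(webroot, request_path):
    """'Before' pattern: decode the request path and join it under webroot.

    normpath collapses the "../" segments, but nothing verifies that the
    collapsed result is still below webroot, so the caller ends up opening
    whatever the traversal points at.
    """
    decoded = unquote(request_path)
    return posixpath.normpath(posixpath.join(webroot, decoded.lstrip("/")))


def safe_resolve(webroot, request_path):
    """Hardened pattern: decode once, normalize, then enforce containment.

    Returns the resolved path when it lies inside webroot, else None.
    A real server should additionally resolve both sides with
    os.path.realpath so a symlink inside webroot cannot point back out.
    """
    decoded = unquote(request_path)
    # An encoded NUL (%00) can truncate the path in C-level open(); reject it.
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(webroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare against root plus a separator so "/files2/x" is not accepted
    # as being under "/files".
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    path = path_from_url(REPRODUCER_URL)
    print("vulnerable:", vulnerable_resolve(WEBROOT, path))   # escapes webroot
    print("hardened:  ", safe_resolve(WEBROOT, path))         # None: rejected
    print("hardened:  ", safe_resolve(WEBROOT, "/css/../index.html"))
```

Decoding exactly once before normalizing matters: a doubly encoded `%252e%252e%252f` decodes to the literal string `%2e%2e%2f`, which `normpath` treats as an ordinary file name that stays inside the root, so it is simply a missing file rather than a traversal. The containment check is what makes the difference, not the choice of decoder.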

katkad commented 8 years ago

@hun7err thank you very much. Nice catch indeed.