Closed nextgens closed 5 years ago
Awesome, thank you so much for this! I will incorporate these into the new version ASAP.
I take it apart from these changes xcat worked fine while actually retrieving data?
On 6 Dec 2014 18:58, "Florent Daigniere" notifications@github.com wrote:
Here's a small set of patches required to exploit MATTA-2013-004 (CVE-2014-1409) using xcat 0.6.
Might be worth merging if you ever do a maintenance release; I've not checked whether the HTTP-error code handling has been fixed in recent versions.
You can merge this Pull Request by running
git pull https://github.com/nextgens/xcat master
Or view, comment on, or merge it at:
https://github.com/orf/xcat/pull/9
Commit Summary
- Allow for a referrer to be specified
- The logic is not quite right; it can be HTTP codes too
- Fix the HTTP-error code case
File Changes
- M src/lib/payloads.py https://github.com/orf/xcat/pull/9/files#diff-0 (4)
- M src/xcat.py https://github.com/orf/xcat/pull/9/files#diff-1 (5)
Yes, with this patchset it worked fine :)
Here's a small set of patches required to exploit MATTA-2013-004 (CVE-2014-1409) using xcat 0.6.
Might be worth merging if you ever do a maintenance release; I've not checked whether the HTTP-error code handling has been fixed in recent versions.