swfocus / googlesitemapgenerator

Automatically exported from code.google.com/p/googlesitemapgenerator
Apache License 2.0

Dangerous URLs (forged with include file attacks for example) can be indexed in the sitemap #10

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Forge a URL with a cross-site code inclusion to the website under
control of sitemap generator
2. Look at your sitemap later
3. URL is included...

It seems any URL requested by a customer or a robot can be indexed by
sitemaps since the URL doesn't give a 404. It's very dangerous for sites where
URL rewriting rules can accept permissive rules, or for sites that accept
additional parameters on the URLs.

OS: Linux RHEL5.3
Sitemap Generator version : sitemap_linux-i386-beta1.tar.gz
Apache 2.2

Original issue reported on code.google.com by jp.civ...@gmail.com on 23 Jan 2009 at 7:20

GoogleCodeExporter commented 8 years ago
Thanks for the information.

It's a limitation of sitemap generator because of the internal working
mechanism.
You can only exclude non-404 URLs by included/excluded rules.
And for parameters, only pre-configured parameter keys can appear in the sitemap.
(This implies that a parameter value can be any value.)

Hope I understand you correctly.

Original comment by ma...@google.com on 16 Feb 2009 at 1:00

GoogleCodeExporter commented 8 years ago
I'm getting the same results. Now, Google Webmaster Tools shows a huge amount
of crawl errors for us.

The majority of bad URLs come from bots. For instance, various attempts to
access:
/admin
/myadmin
/phpmyadmin

I hope a fix for this comes soon. 

Original comment by ovt.joro...@gmail.com on 5 Dec 2010 at 6:28
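
The filtering gap discussed in this thread, shown as an added example that is not part of the original issue or the project's code: a post-filter that drops excluded paths, allowlists parameter keys and also constrains their values before a URL is listed. The policy names, patterns and sample URLs are assumptions constructed for illustration, not Sitemap Generator settings.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Hypothetical policy (not Sitemap Generator settings): keys are allowlisted AND values constrained.
EXCLUDED_PREFIXES = ("/admin", "/myadmin", "/phpmyadmin")
ALLOWED_PATHS = [re.compile(r"/"), re.compile(r"/products/[a-z0-9-]+"), re.compile(r"/index\.php")]
ALLOWED_PARAMS = {"page": re.compile(r"[a-z0-9_-]{1,32}"), "id": re.compile(r"\d{1,9}")}


def sitemap_candidate(url):
    """Return a canonical URL safe to list in the sitemap, or None to drop it."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if any(path == p or path.startswith(p + "/") for p in EXCLUDED_PREFIXES):
        return None
    if not any(rx.fullmatch(path) for rx in ALLOWED_PATHS):
        return None
    kept = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        rule = ALLOWED_PARAMS.get(key)
        if rule is None:
            continue  # unknown key: strip it, keep the page
        if not rule.fullmatch(value):
            return None  # known key with an unexpected value: drop the URL
        kept.append((key, value))
    return urlunsplit((parts.scheme, parts.netloc, path, urlencode(sorted(kept)), ""))


def build_sitemap_list(observed_urls):
    """De-duplicate the URLs that pass the policy, preserving first-seen order."""
    seen, result = set(), []
    for url in observed_urls:
        canon = sitemap_candidate(url)
        if canon and canon not in seen:
            seen.add(canon)
            result.append(canon)
    return result


# Constructed sample of URLs that returned a non-404 status.
OBSERVED = [
    "https://www.example.com/products/blue-widget",
    "https://www.example.com/index.php?page=contact",
    "https://www.example.com/index.php?page=http://other.example/x.txt",
    "https://www.example.com/phpmyadmin/",
    "https://www.example.com/products/blue-widget?utm_source=bot",
]

print(build_sitemap_list(OBSERVED))
```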

GoogleCodeExporter commented 8 years ago

Original comment by nhlfanat...@gmail.com on 6 Mar 2014 at 4:32