On 13/12/2011 10:02 AM, Bart Trojanowski wrote:
> 2011/12/13 Jean-François Bilodeau <jfbilodeau [ at ] chronogears [ dot ] com>
> 
> > May I recommend that instead of banning, you close the security hole?
> > Disable whatever is allowing content access via ?xxx=.
> 
> Doesn't that mean stopping Apache?
> 
> I am not a web developer of any means, but I think you can pass a
> ?xxx= request to index.html. Since the .html is not dynamic, it will
> just ignore the ?xxx= part.
> 
> -Bart
It should, but if the probe was successful with
/?file=../../../../../../proc/self/environ%00, that tells me that the
index may be a script (i.e., index.php instead of index.html).
Another possibility is that the query string was indeed ignored, and
there is no security hole.
Jeff: have you tried the /?file=../../../../../../proc/self/environ%00
URL yourself? Did it return anything unwanted?
J-F
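Two practical follow-ups to the thread, as an added example that is not part of the original messages: a scan that flags requests like the probe J-F quotes (path traversal, a null byte, and a sensitive target path in a query parameter) in Apache-style access logs, and a resolver showing how a script that does take a `file` parameter can confine it to the web root instead of being banned-by-IP. The log lines, the web root `/srv/www`, and the function names are constructed for the example.

```python
import re
from pathlib import Path
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache combined-format log lines; the first mirrors the
# probe discussed in the thread, the second is a normal request.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Dec/2011:09:58:01 -0500] "GET /?file=../../../../../../proc/self/environ%00 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.4 - - [13/Dec/2011:09:58:05 -0500] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Dec/2011:09:58:09 -0500] "GET /?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 210 "-" "curl/7.21"
"""

# Pull the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def decode_param_values(url):
    """Return every query-parameter value, decoded twice to catch double encoding."""
    query = urlsplit(url).query
    values = []
    for vals in parse_qs(query, keep_blank_values=True).values():
        for v in vals:  # parse_qs already decoded once
            values.append(unquote(v))
    return values


def lfi_indicators(value):
    """Name the suspicious traits of one decoded parameter value."""
    hits = []
    if "\x00" in value:
        hits.append("null-byte")          # classic extension-truncation trick
    if "../" in value or "..\\" in value:
        hits.append("traversal")
    if re.search(r"(?:^|/)(?:proc/self/environ|etc/passwd)", value):
        hits.append("sensitive-path")
    return sorted(set(hits))


def scan_log(text):
    """Return (request_target, indicators) for each log line that looks like a file-inclusion probe."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = m.group(1)
        for value in decode_param_values(url):
            hits = lfi_indicators(value)
            if hits:
                findings.append((url, hits))
                break
    return findings


def resolve_include(webroot, requested):
    """Map a user-supplied file parameter to a path inside webroot, or None if it escapes.

    This is the fix the thread asks for: instead of trusting the parameter,
    reject null bytes and anything that resolves outside the web root.
    """
    if "\x00" in requested:
        return None
    base = Path(webroot).resolve()
    candidate = (base / requested).resolve()  # collapses ../ segments
    if candidate == base or base not in candidate.parents:
        return None
    return str(candidate)


if __name__ == "__main__":
    for target, hits in scan_log(SAMPLE_LOG):
        print(f"suspicious request {target}: {', '.join(hits)}")
    print(resolve_include("/srv/www", "../../../../../../proc/self/environ\x00"))
    print(resolve_include("/srv/www", "pages/about.html"))
```

`scan_log` reports the first and third constructed lines and stays quiet on the plain `/index.html` request; `resolve_include` returns `None` for the probe and for any `../` escape, and a path under the web root otherwise. Because the resolver normalises the path before comparing, it also covers encoded or redundant `./` variants that a simple substring check would miss.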