]> git.koha-community.org Git - koha.git/commit
Bug 14408 Path traversal vulnerability
authorJonathan Druart <jonathan.druart@koha-community.org>
Fri, 19 Jun 2015 08:12:45 +0000 (10:12 +0200)
committerFridolin Somers <fridolin.somers@biblibre.com>
Tue, 23 Jun 2015 15:51:21 +0000 (17:51 +0200)
commit7c6ec195181b5cea3f108285f16afb1cd1654783
treedfa127c642961febbe34854bf1be25e80de8e29d
parent94c66f92ee11b81889dd6550acd664f2344cd19f
Bug 14408 Path traversal vulnerability

/cgi-bin/koha/svc/virtualshelves/search
/cgi-bin/koha/svc/members/search

Are vulnerable

To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
  Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
  (You may have add more ..%2f or remove them to get the correct path)
  Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url notice it now errors with a file not found
7/ Hit the third url notice it now errors with a file not found

Repeat for the other script also

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
(cherry picked from commit 0b7647eff31c85d8f7e1e5a50fd82d3b94eec816)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Conflicts:
C4/Auth.pm
C4/Auth.pm