Catching directory transversals passed through QueryString
- From: "Merennulli" <maross@xxxxxxxxxxxxxxxx>
- Date: 8 Mar 2006 14:43:46 -0800
Ok, the gist of the problem is I have a site my predecessor created
that much of it goes through a single ASP.NET app. For some reason,
instead of using templates or includes, he passed everything through
this one bit of code that dumped html and flat text in the middle of
the page. To keep it dynamic, he has the querystring take in a
filename, e.g.
http://www.oursite.net/default.aspx?filename=/folder/file.txt
Of course, this leaves it wide open for
http://www.oursite.net/default.aspx?filename=../web.config
or
http://www.oursite.net/default.aspx?filename=../../../Inetpub/wwwroot/default.aspx
or worse.
For now, I'm just using regex to require either ".txt" or ".htm?" and
then catch "../" and hit the brakes if it finds that. I'm concerned,
though, that there might be other ways of exploiting this.
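
An added example, not part of the original post: instead of pattern-matching the raw querystring value, resolve it against a fixed content directory and compare the canonical result with that directory. The names ContentResolver, Resolve and contentRoot, the demo directory, and reading ".htm?" as .htm/.html are assumptions made for illustration.

```csharp
using System;
using System.IO;

// Added example; ContentResolver and contentRoot are hypothetical names.
public static class ContentResolver
{
    // Assumed allow-list, taken from the ".txt" / ".htm?" rule in the post.
    private static readonly string[] AllowedExtensions = { ".txt", ".htm", ".html" };

    // Returns the canonical path to serve, or null if the request is rejected.
    public static string Resolve(string contentRoot, string requested)
    {
        if (string.IsNullOrEmpty(requested) || requested.IndexOf('\0') >= 0)
            return null;

        // Canonical root with a trailing separator, so "C:\site" does not
        // also match "C:\site-backup".
        string root = Path.GetFullPath(contentRoot);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;

        string full;
        try
        {
            // Treat the value as relative to the root, then let the framework
            // collapse "..", "." and repeated or mixed separators.
            full = Path.GetFullPath(Path.Combine(root, requested.TrimStart('/', '\\')));
        }
        catch (Exception) // malformed path: illegal characters, bad format, too long
        {
            return null;
        }

        // Decide on the resolved path, never on the raw input string.
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            return null;
        if (Array.IndexOf(AllowedExtensions, Path.GetExtension(full).ToLowerInvariant()) < 0)
            return null;
        return File.Exists(full) ? full : null;
    }

    public static void Main()
    {
        // Constructed demo content under the temp directory.
        string root = Path.Combine(Path.GetTempPath(), "content-root-demo");
        Directory.CreateDirectory(Path.Combine(root, "folder"));
        File.WriteAllText(Path.Combine(root, "folder", "file.txt"), "hello");
        foreach (string q in new[] { "/folder/file.txt", "../web.config", "../../../Inetpub/wwwroot/default.aspx" })
            Console.WriteLine("{0} -> {1}", q, Resolve(root, q) ?? "REJECTED");
    }
}
```

Only the first of the three values from the post resolves to a file; the other two resolve outside the content directory and are rejected before the extension is even considered.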