newLISP Fan Club

Forum => So, what can you actually DO with newLISP? => Topic started by: kanen on December 14, 2011, 03:03:33 PM

Title: Web-based arbitrary file grab?
Post by: kanen on December 14, 2011, 03:03:33 PM
When running newLisp in web mode and using the DragonFly framework, I've noticed redirection works fine, except when someone types something like:


http://server//root-file

In this case, it grabs the /root-file contents and displays them as plain text in the browser.



Am I missing some obvious setting? This is clearly a problem.
Title: Re: Web-based arbitrary file grab?
Post by: saulgoode on December 15, 2011, 10:18:31 AM
My speculation is that the problem is arising from the way Apache's mod_rewrite handles parsing (assuming you are using mod_rewrite). Guile developer Andy Wingo offers a good description of this on his weblog (//http).
Title: Re: Web-based arbitrary file grab?
Post by: kanen on December 15, 2011, 02:16:30 PM
I'm invoking newLisp and DragonFly directly:


/usr/bin/newlisp /var/web/framework/newlisp-redirection.lsp -http -d 8080 -w /var/web

Short of writing a pre-processor prior to the url-rewrites in DragonFly, I just don't see any way to fix this issue, which only happens when I double slash for a root file return.



(major security issue, by the way)


Quote from: "saulgoode"
My speculation is that the problem is arising from the way Apache's mod_rewrite handles parsing (assuming you are using mod_rewrite). Guile developer Andy Wingo offers a good description of this on his weblog (//http).
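
The "pre-processor" idea from the post above, as an added example (not newLISP or DragonFly code; written in Python so it runs as-is): the request path is normalised and confined to the document root before any file is opened. `naive_map` is an assumption about how a double slash could survive as an absolute path, since the thread does not establish the actual cause, and all function names and the temporary directory layout are constructed for the illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def request_path(target):
    """Path part of an HTTP request-target such as '//root-file?x=1', percent-decoded."""
    return unquote(target.split("?", 1)[0])


def naive_map(web_root, target):
    """ASSUMED vulnerable mapping: strip one leading slash, then join to the root."""
    rel = request_path(target)[1:]          # '//root-file' -> '/root-file' (still absolute)
    return os.path.join(web_root, rel)      # an absolute second argument discards web_root


def safe_map(web_root, target):
    """Return a path guaranteed to live under web_root, or None to reject the request."""
    root = os.path.realpath(web_root)
    rel = request_path(target).lstrip("/")  # collapse every leading slash
    if "\x00" in rel:
        return None
    candidate = os.path.realpath(os.path.join(root, rel))  # resolves '..' and symlinks
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Constructed layout: <base>/web is the document root, <base>/secret.txt is outside it."""
    base = os.path.realpath(tempfile.mkdtemp())
    web_root = os.path.join(base, "web")
    os.mkdir(web_root)
    outside = os.path.join(base, "secret.txt")
    for path in (outside, os.path.join(web_root, "index.html")):
        with open(path, "w") as fh:
            fh.write("x")
    double_slash = "/" + outside            # same shape as http://server//root-file
    return {
        "web_root": web_root,
        "outside": outside,
        "naive": naive_map(web_root, double_slash),
        "safe": safe_map(web_root, double_slash),
        "dotdot": safe_map(web_root, "/%2e%2e/secret.txt"),
        "index": safe_map(web_root, "/index.html"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:9} {value}")
```

With the confinement check in place, the double-slash request maps to a non-existent path under the document root, so the caller answers 404 instead of serving the file.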