Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 170111 Details for
Bug 244741
net-p2p/ktorrent <2.2.8 web interface plugin vulnerable to PHP injection (CVE-2008-{5905,5906})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
ktorrent-2.2.7-php-injection.patch
ktorrent-2.2.7-php-injection.patch (text/plain), 1.33 KB, created by
Robert Buchholz (RETIRED)
on 2008-10-28 15:00:27 UTC
(
hide
)
Description:
ktorrent-2.2.7-php-injection.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-10-28 15:00:27 UTC
Size:
1.33 KB
patch
obsolete
>Index: ktorrent-2.2.7/plugins/webinterface/php_handler.cpp >=================================================================== >--- ktorrent-2.2.7.orig/plugins/webinterface/php_handler.cpp >+++ ktorrent-2.2.7/plugins/webinterface/php_handler.cpp >@@ -82,7 +82,9 @@ namespace kt > > for ( it = args.begin(); it != args.end(); ++it ) > { >- ts << QString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); >+ // Check for string delimiters, don't want PHP injection attacks >+ if (!containsDelimiters(it.key()) && !containsDelimiters(it.data())) >+ ts << QString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); > } > ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script > ts << flush; >@@ -116,6 +118,10 @@ namespace kt > } > } > >+ bool PhpHandler::containsDelimiters(const QString & str) >+ { >+ return str.contains("\"") || str.contains("'"); >+ } > } > > #include "php_handler.moc" >Index: ktorrent-2.2.7/plugins/webinterface/php_handler.h >=================================================================== >--- ktorrent-2.2.7.orig/plugins/webinterface/php_handler.h >+++ ktorrent-2.2.7/plugins/webinterface/php_handler.h >@@ -43,6 +43,9 @@ namespace kt > void onExited(); > void onReadyReadStdout(); > >+ private: >+ bool containsDelimiters(const QString & str); >+ > signals: > void finished(); >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 244741
:
170106
|
170108
|
170109
| 170111