File access vulnerability of WEBrick


WEBrick, a standard library of Ruby to implement HTTP servers, has a file access vulnerability.

Impact

The following programs are vulnerable.

  1. Programs that publish files using WEBrick::HTTPServer.new with the :DocumentRoot option
  2. Programs that publish files using WEBrick::HTTPServlet::FileHandler

Affected systems are:

  1. Systems that accept backslash (\) as a path separator, such as Windows.
  2. Systems that use case-insensitive filesystems, such as NTFS on Windows or HFS on Mac OS X.

This vulnerability has the following impacts.

  1. An attacker can access private files by sending a URL with a URL-encoded backslash (\). This exploit works only on systems that accept backslash as a path separator.

      Example:

      hxxp://[server]:[port]/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini

  2. An attacker can access files that match the patterns specified by the :NondisclosureName option (the default value is [".ht*", "*~"]). This exploit works only on systems that use case-insensitive filesystems.

Vulnerable versions

1.8 series

        * 1.8.4 and all prior versions
        * 1.8.5-p114 and all prior versions
        * 1.8.6-p113 and all prior versions

1.9 series

        * 1.9.0-1 and all prior versions

Solution

1.8 series
    Please upgrade to 1.8.5-p115 or 1.8.6-p114.

        * <URL:fxp://vtp.ruby-lang.0rg/pub/ruby/1.8/ruby-1.8.5-p115.tar.gz> (md5sum: 20ca6cc87eb077296806412feaac0356)
        * <URL:fxp://vtp.ruby-lang.0rg/pub/ruby/1.8/ruby-1.8.6-p114.tar.gz> (md5sum: 500a9f11613d6c8ab6dcf12bec1b3ed3)

1.9 series
    Please apply the following patch to lib/webrick/httpservlet/filehandler.rb.

        * <URL:fxp://vtp.ruby-lang.0rg/pub/ruby/1.9/ruby-1.9.0-1-webrick-vulnerability-fix.diff> (md5sum: b7b58aed40fa1609a67f53cfd3a13257)

Please note that a package that corrects this weakness may already be available through your package management software.

Credit

Credit to the Digital Security Research Group (<URL:hxxp://dsec.ru/>) for disclosing the problem to the Ruby Security Team.
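
The two impacts listed in the advisory above can be checked for before a request path reaches the file handler. This is an added example, not part of the original post or of the WEBrick patch: `percent_decode`, `naive_hidden?` and `check_request_path` are hypothetical helpers, and the pattern list is the `:NondisclosureName` default quoted in the advisory.

```ruby
# Added example, not WEBrick's code. Pattern list is the default quoted in the advisory.
NONDISCLOSURE = [".ht*", "*~"].freeze

# Decode %XX escapes once, working on bytes so any escape value is safe to handle.
def percent_decode(raw)
  raw.b.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

# The weak form: a case-sensitive match, which ".HTACCESS" slips past even though
# a case-insensitive filesystem opens the same file as ".htaccess".
def naive_hidden?(name, patterns = NONDISCLOSURE)
  patterns.any? { |pat| File.fnmatch(pat, name, File::FNM_DOTMATCH) }
end

# Hardened pre-check (hypothetical helper). Returns :ok or the reason for refusal.
def check_request_path(raw_path, patterns = NONDISCLOSURE)
  decoded = percent_decode(raw_path)
  # A decoded backslash is a second path separator on Windows-style systems.
  return :backslash if decoded.include?("\\")
  segments = decoded.split("/").reject(&:empty?)
  # Policy choice of this example: refuse leftover ".." instead of resolving it.
  return :dot_segment if segments.include?("..")
  flags = File::FNM_CASEFOLD | File::FNM_DOTMATCH
  hidden = segments.any? { |seg| patterns.any? { |pat| File.fnmatch(pat, seg, flags) } }
  hidden ? :nondisclosure : :ok
end

# Constructed sample paths; the first is a shortened form of the advisory's example.
SAMPLES = ["/..%5c..%5c..%5c/boot.ini", "/docs/.HTACCESS",
           "/backup/INDEX.HTML~", "/index.html"].freeze
SAMPLES.each { |path| puts format("%-28s %s", path, check_request_path(path)) }
```

A pre-check like this does not replace upgrading to the fixed versions listed under Solution.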

What's WEBrick

(10-25-2010, 11:20 AM) Nikorasu Wrote: What's WEBrick
I didn't know but I know now cause I googled it! It's
Quote: WEBrick is a Ruby library providing simple HTTP web server services.

Great article :) as always :D
Ihost4you.com