[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] security risk of unexpected download filenames

From: Micah Cowan
Subject: Re: [Bug-wget] security risk of unexpected download filenames
Date: Thu, 20 May 2010 14:51:30 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100423 Thunderbird/3.0.4

On 05/20/2010 02:47 PM, Solar Designer wrote:
> That's correct, except for the "only ... into the home directory" part.
> In practice, this restriction may apply most of the time, but there are
> scenarios where a download into another directory could also allow for
> an attack.  For example, a cron job on a web hosting account may use
> wget to update a file below the "document root".  An attack would be to
> provide an .htaccess file instead.

Hm... a problem with this is that it also applies to the case when
someone is recursively-fetching, and the remote server is (even
accidentally) misconfigured to include .htaccess in auto-generated
indexes (and to allow public reading of that file). No obvious way to
avoid that situation that I can think of... might be worth documenting

Micah J. Cowan

reply via email to

[Prev in Thread] Current Thread [Next in Thread]