
Re: [soaplite] Re: Preventing package name traversal attacks

  • Robert Taylor
    Message 1 of 9 , Apr 10, 2002
      Thanks, Paul and Ilya, for addressing this serious
      issue.

      --- Paul Kulchenko <paulclinger@...> wrote:
      > Hi, Ilya!
      > ...
      >
      > To disable it on server side you may use on_action
      > handler:
      >
      > ->on_action(sub { die "Access denied\n" if $_[2] =~ /:|'/ })

      This server side check works for me.
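
The server-side check quoted above, as an added example that is not part of the original messages or of SOAP::Lite itself: it runs the quoted pattern and a stricter allowlist over constructed method names, passing arguments in the (SOAPAction, URI, method) order that the quoted handler's `$_[2]` implies. The sub names, the `urn:Demo` namespace and the allowlist variant are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Check quoted in the thread: refuse any method name that contains a Perl
# package separator, either "::" (caught by ":") or the legacy "'".
sub deny_qualified {
    my ($action, $uri, $method) = @_;
    die "Access denied\n" if $method =~ /:|'/;
    return 1;
}

# Stricter variant (assumption of this example, not from the thread):
# accept only a plain ASCII identifier and refuse everything else.
sub allow_plain_identifier {
    my ($action, $uri, $method) = @_;
    die "Access denied\n"
        unless defined $method && $method =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;
    return 1;
}

# Constructed sample method names, as a dispatcher might receive them.
my @samples = (
    'getQuote', 'get_quote2',
    'Other::Package::func', "Other'Package'func",
    'get-quote', '',
);

my @checks = (
    [ thread    => \&deny_qualified ],
    [ allowlist => \&allow_plain_identifier ],
);

for my $name (@samples) {
    my %verdict;
    for my $check (@checks) {
        my ($label, $code) = @$check;
        # The handler signals refusal by dying, so trap it with eval.
        my $ok = eval { $code->("urn:Demo#$name", 'urn:Demo', $name); 1 };
        $verdict{$label} = $ok ? 'allow' : 'deny';
    }
    printf "%-24s thread=%-5s allowlist=%s\n",
        "'$name'", $verdict{thread}, $verdict{allowlist};
}
```

Either sub can be passed by reference to `->on_action(...)` in place of the anonymous sub in the quoted snippet.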
    • give_me_a_donut
      Message 2 of 9 , Apr 10, 2002
        I have access to two versions of SOAP::Lite, one is 0.46 and one is
        0.52. I have found 0.52 to be vulnerable to the phrack exploit, yet
        0.46 seems to perform some type of validation and hence is not
        affected by the exact problem. This is quite a good thing, as last
        time I checked ActiveState was still shipping 0.46 with their
        distribution and making no later version available via PPM.

        When I try the exploit on a SOAP::Lite 0.46 server, I receive the
        following fault message in reply ( dumped via Data::Dumper's
        Dumper($response->fault) )

        'faultcode' => 'SOAP-ENV:Client',
        'detail' => 'SOAPAction shall match \'uri#method\' if present',
        'faultstring' => 'Bad SOAPAction',
        'faultactor' => 'http://hostname:port/'

        If anyone has further information on this, or has seen a working
        exploit on this version, please let me know.

        Regards,
        Michael