Loading ...
Sorry, an error occurred while loading the content.

Is XMLRPC::Lite vulnerable to traversal attacks?

Expand Messages
  • Tom Mornini
    ... Thanks! I ve implemented that and it works as expected. Does the same thing need to be done to XMLRPC::Lite? -- -- Tom Mornini -- eWingz Systems, Inc. --
    Message 1 of 6 , Apr 10, 2002
    • 0 Attachment
      On Wednesday, April 10, 2002, at 11:14 AM, Ilya Martynov wrote:

      > >>>>> On Wed, 10 Apr 2002 09:04:35 -0700, Tom Mornini
      > <tmornini@...> said:
      >
      > TM> That's true. Actual patch does it inside the handler, so you don't
      > TM> need to do anything in your code.
      >
      > TM> does that mean you agree that the immediate fix is:
      >
      > TM> on_dispatch(sub { die 'Access denied' if $_[2] =~ /:|'/ })
      >
      > TM> does on_dispatch receive the same parameter list as on_action?
      >
      > According sources it seems that on_dispatch gets only one parameter:
      > request object.
      >
      > So fix should look like
      >
      >     on_dispatch(sub {
      >                         die 'Access denied'
      >                             if shift->dataof->name =~ /:|'/
      >                })

      Thanks! I've implemented that and it works as expected.

      Does the same thing need to be done to XMLRPC::Lite?

      --
      -- Tom Mornini
      -- eWingz Systems, Inc.
      --
      -- ICQ: 113526784, AOL: tmornini, Yahoo: tmornini, MSN: tmornini
    • Ilya Martynov
      ... IM According sources it seems that on_dispatch gets only one parameter: IM request object. IM So fix should look like IM     on_dispatch(sub { IM
      Message 2 of 6 , Apr 10, 2002
      • 0 Attachment
        >>>>> On Wed, 10 Apr 2002 14:03:43 -0700, Tom Mornini <tmornini@...> said:

        IM> According sources it seems that on_dispatch gets only one parameter:
        IM> request object.

        IM> So fix should look like

        IM> ��� on_dispatch(sub {
        IM> ����������������������� die 'Access denied'
        IM> ��������������������������� if shift->dataof->name =~ /:|'/
        IM> �������������� })

        TM> Thanks! I've implemented that and it works as expected.

        TM> Does the same thing need to be done to XMLRPC::Lite?

        XMLRPC::Lite looks like vulnerable because it heavily relies on
        SOAP::Lite code (i.e. XMLRPC::Lite mostly is just collection of
        subclasses of various SOAP::Lite classes).

        I think is not possible to use this on_dispatch handler for
        XMLRPC::Lite::Server objects because unlike SOAP::Server they have
        on_dispatch handler by default. Were it overrided with another it may
        break XMLRPC::Lite functionality. I'm not sure. I've not tested it
        yet. For now it should be safer either use on_action handler or patch
        posted earlier.

        --
        Ilya Martynov (http://martynov.org/)
      Your message has been successfully submitted and would be delivered to recipients shortly.