
Re: [soaplite] Is XMLRPC::Lite vulnerable to traversal attacks?

  • Ilya Martynov
    Message 1 of 6 , Apr 10 3:24 PM
      >>>>> On Wed, 10 Apr 2002 14:03:43 -0700, Tom Mornini <tmornini@...> said:

      IM> According to the sources it seems that on_dispatch gets only one parameter:
      IM> request object.

      IM> So the fix should look like

      IM>     on_dispatch(sub {
      IM>         die 'Access denied'
      IM>             if shift->dataof->name =~ /:|'/
      IM>     })

      TM> Thanks! I've implemented that and it works as expected.

      TM> Does the same thing need to be done to XMLRPC::Lite?

      XMLRPC::Lite looks vulnerable because it heavily relies on
      SOAP::Lite code (i.e. XMLRPC::Lite is mostly just a collection of
      subclasses of various SOAP::Lite classes).

      I think it is not possible to use this on_dispatch handler for
      XMLRPC::Lite::Server objects because, unlike SOAP::Server, they have
      an on_dispatch handler by default. Were it overridden with another, it
      may break XMLRPC::Lite functionality. I'm not sure. I've not tested it
      yet. For now it should be safer to use either the on_action handler or
      the patch posted earlier.

      --
      Ilya Martynov (http://martynov.org/)
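
An added example, not part of the original message or of SOAP::Lite: the guard quoted above, exercised offline against stub request objects so its accept/reject behaviour can be checked without a running server. The StubRequest and StubData classes, the allowed() helper and the sample method names are constructed for illustration and model only the ->dataof->name chain the guard calls.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-ins for the request object passed to the handler.
{
    package StubData;
    sub new  { my ($class, $name) = @_; return bless { name => $name }, $class }
    sub name { return $_[0]{name} }
}
{
    package StubRequest;
    sub new    { my ($class, $name) = @_; return bless { data => StubData->new($name) }, $class }
    sub dataof { return $_[0]{data} }
}

package main;

# The guard as posted: refuse any method name containing ':' or "'",
# the characters Perl has treated as package separators ('::' and the older "'").
my $guard = sub {
    die 'Access denied'
        if shift->dataof->name =~ /:|'/;
    return;
};

# Returns 1 if the guard lets the name through, 0 if it dies.
sub allowed {
    my ($name) = @_;
    return eval { $guard->(StubRequest->new($name)); 1 } ? 1 : 0;
}

# Constructed sample method names.
for my $name ('getQuote', 'get_quote2', 'Pkg::method', "Pkg'method", 'ns:method') {
    printf "%-14s %s\n", $name, allowed($name) ? 'dispatched' : 'Access denied';
}
```

The last sample shows that the guard also refuses a name with a single colon, so any legitimate method name that contains one would be rejected as well.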