Commit 35868623 authored by 127.0.0.1, committed by amnesia

No commit message
parent 8d8515c5
......@@ -16,7 +16,7 @@ Specifically, the changes here are:
Failing to change this means that a URL like the following would match:
http://127x0y0z1/maliciousscript.php:7657
http: //127x0y0z1/maliciousscript.php:7657
So, a machine named 127x0y0z1 on the same LAN could be accessed without the proxy. Not that machine names should begin with numbers, but still...
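Review bot: the new form of the example line, `http: //127x0y0z1/maliciousscript.php:7657`, has a space after the scheme, so it is no longer the string that the sentence above it says "would match". The same substitution recurs in every example on the page, and the only explanation is in the last reply at the bottom. Add one sentence at this first example saying the space is there only to get the page past blogspam and has to be removed before checking a pattern against the URL.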
......@@ -26,17 +26,17 @@ So, a machine named 127x0y0z1 on the same LAN could be accessed without the prox
Failing to change this means that a URL like the following would match:
http://example.com/maliciousscript.php?localhost:7657
http: //example.com/maliciousscript.php?localhost:7657
3) Added the final $ anchor, without which the final (/.*)? became meaningless.
Failing to change this means that URLs like the following would match:
http://localhost:76579
http: //localhost:76579
or
http://localhost:7657?something=bad
http: //localhost:7657?something=bad
Not a terrible risk, but who can tell what's running on port 76579? So if you want to guarantee anything following the port number is separated by a slash, you need that anchor.
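Review bot: the `localhost:76579` example touched in this hunk names a port above 65535, which is outside the valid TCP port range, so the closing remark "who can tell what's running on port 76579?" overstates that case. The `localhost:7657?something=bad` example is the one that shows why the final $ anchor is needed. Either say that the extra-digit URL only illustrates what the unanchored pattern accepts as a string, or drop it and keep the query-string example.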
......@@ -47,7 +47,7 @@ While we're at it, let's look at the other regexps on that page.
Well, the following would match:
http://malicious.example.com?.i2p
http: //malicious.example.com?.i2p
That is, a regular .com site could be sent through the .i2p filter. No idea if that could be exploited, but let's fix that up anyway.
......@@ -86,3 +86,5 @@ Many apologies if my English is unclear: please feel free to ask for clarificati
> Thanks! All this was fixed in the devel branch (41ee709)
> => [[!taglink pending]]
>> Thanks for the update, and for fixing up my markup - I learned stuff! :D Is the devel branch publicly available on some SVN somewhere or something? I'd kinda like to doublecheck that the final regexes look good, and to fix the pages here to show the regexes actually used.
>> Unfortunately, looks like blogspam still won't let me post this page without messing the URLs, though... would that it only checked the diff, rather than the whole page!
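Review bot: the reason every example URL changed appears only in the reply added at the end of this hunk ("blogspam still won't let me post this page without messing the URLs"), while the commit itself carries no message. Put that reason in the commit message so the history explains the `http: //` substitutions without the reader having to find the last comment on the page.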