Message 386945 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	hamzaavvan
Recipients	hamzaavvan, paul.moore, steve.dower, tim.golden, zach.ware
Date	2021-02-14.11:42:36
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1613302956.91.0.878390782912.issue43223@roundup.psfhosted.org>
In-reply-to

Content
The provided version of python distros 3.8.7 and 3.7.4 are vulnerable to open redirection while traversing to an existing directory. # PAYLOAD http://127.0.0.1:8000//attacker.com/..%2f..%2f..%2f..%2f..%2f../%0a%0d/../.ssh In this case, the actual path of .ssh was: http://127.0.0.1:8000/.ssh Upon visiting the payload URI the python server will respond back with a Location header instead of serving the directory contents directly which triggers the redirection to attacker.com Server: SimpleHTTP/0.6 Python/3.8.7

The provided version of python distros 3.8.7 and 3.7.4 are vulnerable to open redirection while traversing to an existing directory.

# PAYLOAD
http://127.0.0.1:8000//attacker.com/..%2f..%2f..%2f..%2f..%2f../%0a%0d/../.ssh

In this case, the actual path of .ssh was:
http://127.0.0.1:8000/.ssh

Upon visiting the payload URI the python server will respond back with a Location header instead of serving the directory contents directly which triggers the redirection to attacker.com

Server: SimpleHTTP/0.6 Python/3.8.7

History
Date	User	Action	Args
2021-02-14 11:42:36	hamzaavvan	set	recipients: + hamzaavvan, paul.moore, tim.golden, zach.ware, steve.dower
2021-02-14 11:42:36	hamzaavvan	set	messageid: <1613302956.91.0.878390782912.issue43223@roundup.psfhosted.org>
2021-02-14 11:42:36	hamzaavvan	link	issue43223 messages
2021-02-14 11:42:36	hamzaavvan	create