New submission from Hamza AVvan <hamzaavv...@gmail.com>:

The provided versions of Python distros 3.8.7 and 3.7.4 are vulnerable to open redirection while traversing to an existing directory.

# PAYLOAD
http://127.0.0.1:8000//attacker.com/..%2f..%2f..%2f..%2f..%2f../%0a%0d/../.ssh

In this case, the actual path of .ssh was:
http://127.0.0.1:8000/.ssh

Upon visiting the payload URI, the Python server will respond with a Location header instead of serving the directory contents directly, which triggers the redirection to attacker.com.

Server: SimpleHTTP/0.6 Python/3.8.7

----------
components: Windows
files: Capture.PNG
messages: 386945
nosy: hamzaavvan, paul.moore, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Open Redirection In Python 3.7 & 3.8
type: security
versions: Python 3.7, Python 3.8
Added file: https://bugs.python.org/file49808/Capture.PNG

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue43223>
_______________________________________
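
The mechanism behind the report, as an added example that is not part of the submission and not CPython's own code. The request path is the payload from the report; the served directory /srv/www is constructed. resolve_local_path() and build_redirect_location() are simplified models of SimpleHTTPRequestHandler.translate_path() and send_head() in http.server (POSIX joins only), written here by the editor from the standard-library logic, and normalize_request_path() is one mitigation (collapse the leading run of slashes before the path is split), also the editor's own rather than a quote of any CPython release:

```python
"""Model of http.server's directory redirect and why a request path that
begins with '//' turns it into an open redirect.

Added example, not code from the bug report or from CPython.
resolve_local_path() and build_redirect_location() are simplified models of
SimpleHTTPRequestHandler.translate_path() and send_head();
normalize_request_path() is the editor's own mitigation.
"""
import posixpath
import urllib.parse

# Request-target from the report (the http://127.0.0.1:8000 origin is not
# part of what the handler sees as self.path).
PAYLOAD = "//attacker.com/..%2f..%2f..%2f..%2f..%2f../%0a%0d/../.ssh"


def resolve_local_path(request_path: str, directory: str) -> str:
    """Map a request path onto the served directory the way translate_path()
    does: strip query/fragment, percent-decode, normalise, then re-join the
    remaining components under `directory`, dropping '.' and '..' segments.
    Simplification: posixpath joins, so the result is platform-independent."""
    path = request_path.split("?", 1)[0].split("#", 1)[0]
    path = urllib.parse.unquote(path, errors="surrogatepass")
    path = posixpath.normpath(path)
    local = directory
    for word in filter(None, path.split("/")):
        if posixpath.dirname(word) or word in (posixpath.curdir, posixpath.pardir):
            continue
        local = posixpath.join(local, word)
    return local


def build_redirect_location(request_path: str) -> str:
    """Redirect target send_head() emits when the resolved path is a
    directory but the request path lacks a trailing slash: the raw request
    path is urlsplit() and '/' is appended to its path component.
    A leading '//' makes urlsplit() read the first segment as the netloc,
    so that segment is reproduced verbatim in the Location value.
    Returns '' when no redirect would be sent."""
    parts = urllib.parse.urlsplit(request_path)
    if parts.path.endswith("/"):
        return ""
    new_parts = (parts[0], parts[1], parts[2] + "/", parts[3], parts[4])
    return urllib.parse.urlunsplit(new_parts)


def is_open_redirect(location: str) -> bool:
    """True when a Location value points off-host: either absolute
    ('http://x/...') or scheme-relative ('//x/...'), which browsers resolve
    against the current scheme and follow to host x."""
    parts = urllib.parse.urlsplit(location)
    return bool(parts.scheme or parts.netloc)


def normalize_request_path(request_path: str) -> str:
    """Mitigation: collapse a leading run of slashes to a single '/', so
    urlsplit() can no longer treat the first segment as a network location.
    The local path the request maps to is unchanged, because the empty
    segments produced by the extra slashes are dropped during resolution."""
    if request_path.startswith("//"):
        return "/" + request_path.lstrip("/")
    return request_path


def demo(request_path: str, directory: str = "/srv/www") -> dict:
    """Run the vulnerable and the hardened flow for one request path."""
    vuln_location = build_redirect_location(request_path)
    safe_location = build_redirect_location(normalize_request_path(request_path))
    return {
        "local_path": resolve_local_path(request_path, directory),
        "vulnerable_location": vuln_location,
        "vulnerable_is_open_redirect": is_open_redirect(vuln_location),
        "hardened_location": safe_location,
        "hardened_is_open_redirect": is_open_redirect(safe_location),
    }


if __name__ == "__main__":
    for key, value in demo(PAYLOAD).items():
        print(f"{key}: {value!r}")
```

Two things the model makes visible. The `..%2f` padding and the `%0a%0d` segment are not what cause the redirect; they only ensure the decoded, normalised path still resolves to an existing directory (`.ssh` under the served root), because send_head() takes the redirect branch only for a directory requested without a trailing slash. The redirect itself is then built from the raw, un-normalised request path, and a request path beginning with `//` is exactly the input urlsplit() parses as netloc plus path, so the attacker's host lands in the Location header as a scheme-relative URL. Collapsing the leading slashes before the split removes the netloc interpretation while leaving the directory mapping as it was.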